
Infected With Virtumonde / Random Popups. Please Help!


  • This topic is locked
20 replies to this topic

#1 mcap

  • Members
  • 10 posts

Posted 28 September 2008 - 02:11 PM

Discovered Virtumonde while doing my weekly spybot scans. Spybot claimed it was successfully removed and suggested to run scan at boot-up. Virtumonde discovered again and removed again but still infected.

Also, ever since the infection was discovered, normal startup and shutdown are very slow.

UPDATE: Just got the BSOD while opening a PDF file.
Error caused by win32k.sys. I get an error saying:
"Could not start the Automatic Updates service on Local Computer
Error 1058: the service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

After the restart my automatic updates is switched off and I cannot turn it on from control panel or from the Services Administrative Tool.

Followed all instructions and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal


Edited by mcap, 28 September 2008 - 05:11 PM.



 


#2 SifuMike

    malware expert

  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 02 October 2008 - 09:17 PM

Hello mcap,

Is this a business or work computer?

Edited by SifuMike, 02 October 2008 - 09:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 mcap


Posted 03 October 2008 - 11:14 AM

No, it's a home computer. Why do you ask?

#4 SifuMike


Posted 03 October 2008 - 12:17 PM

Hi mcap,
I see you have McAfee VirusScan Enterprise installed. It is for servers and computers and not generally used for home computers.

A business or work computer requires a vastly different approach.
Companies have policies in place for this kind of thing, and I won't be responsible for possibly going against policy.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 03 October 2008 - 12:29 PM.


#5 mcap


Posted 03 October 2008 - 12:43 PM

Thanks for your reply.

I did not know there would be vast difference between antivirus platforms. This one was provided for student use through my university. What is your recommendation for a good personal use antivirus program?

Below is the MBAM and HJT log:

MBAM LOG:

Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 2

10/03/2008 13:20:40
mbam-log-2008-10-03 (13-20-39).txt

Scan type: Quick Scan
Objects scanned: 59532
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15





HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36, on 10/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13207 bytes

#6 SifuMike


Posted 03 October 2008 - 12:54 PM

What is your recommendation for a good personal use antivirus program?


McAfee and Symantec tend to slow the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

AVAST Home Edition User Guide
http://www.avast.com/eng/download-avast-home.html

Avira AntiVir User Manual
http://www.free-av.com/en/documentation/index.html

AVG antivirus User Manual
http://free.avg.com/ww.download?prd=afe#tba3

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt


#7 mcap


Posted 03 October 2008 - 01:38 PM

Here is the RSIT log and info.txt


INFO.TXT

info.txt logfile of random's system information tool 1.04 2008-10-03 13:58:50

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}\Setup.exe" -l0x9
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AMD Dual-Core Optimizer-->MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Analysis Server 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ADDAF44-F900-47A5-B54C-809F48FDD3DB}\Setup.exe" -l0x9
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{416AA65D-BA9E-413E-8D01-75064A2A21A7}\Setup.exe" -l0x9
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B028EFB8-E669-400C-97A6-01EDAD99D73E}\Setup.exe" -l0x9
Application Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDB99602-B589-450F-9910-34A57385C4CB}\Setup.exe" -l0x9
Armadillo Run 1.0.3-->"C:\Program Files\Armadillo Run\unins000.exe"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Call of Duty® 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty® 4 - Modern Warfare™ Demo-->C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series User Registration-->C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
Canon MP210 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crysis® Tournament Map Pack-->MsiExec.exe /X{63DAD698-7FB0-4094-BDD5-342AB1763D11}
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Data Visualizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9DD33EE-DD2A-4F46-BE9C-448B2E8AB983}\Setup.exe" -l0x9
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Deutz Engine-->C:\WINDOWS\system32\Deutz Engine.scr u
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DWGeditor-->MsiExec.exe /X{AC7190A0-EEA1-423C-A531-FCEB4E0EBBB1}
Dymola-->C:\PROGRA~1\Dymola\UNWISE.EXE C:\PROGRA~1\Dymola\INSTALL.LOG
eDrawings 2006-->MsiExec.exe /I{8C47092F-B249-43CB-A780-40274329043D}
EES - Engineering Equation Solver-->C:\PROGRA~1\EES32\UNWISE.EXE C:\PROGRA~1\EES32\INSTALL.LOG
EPoX Magic BIOS-->"C:\Program files\EPoX\Magic BIOS\SETUP.EXE" "-UNINSTALL"
EPoX Thunder Flash (EPTF)-->"C:\Program Files\EPoX\EPTF\Setup.EXE" "-UNINSTALL"
EPoX Unified System Diagnostic Manager (USDM)-->"C:\Program Files\EPoX\USDM\SETUP.EXE" "-UNINSTALL"
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Excel PlugIn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AEF0BEF-243C-4C8C-81A6-8DF5AAADF356}\Setup.exe" -l0x9
Fraps-->"C:\Program Files\Fraps\uninstall.exe"
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
Garmin City Navigator North America NT 2009 Update-->MsiExec.exe /X{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IE7Pro-->C:\Program Files\IEPro\uninst.exe
iolo technologies' System Mechanic 5 Professional-->C:\PROGRA~1\SYSTEM~1\UninstallSMPro.exe
iriver plus 3 (remove only)-->"C:\Program Files\iriver\iriver plus 3\uninstall.exe"
iriverter 0.16-->C:\Program Files\iriverter\uninst.exe
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.53 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Linksys Dual-Band Wireless-N USB Network Adapter-->C:\Program Files\InstallShield Installation Information\{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}\setup.exe -runfromtemp -l0x0409
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Machine Check Analysis Tool-->MsiExec.exe /X{ADC2809F-E3E7-487D-9684-D71452186FD3}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Screen-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EPoX\Magic Screen\DeIsL1.isu" -c"C:\Program Files\EPoX\Magic Screen\_ISREG32.DLL"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mathcad PlugIn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED21DE7-0DCB-4683-89FE-BE1D5A91E1F7}\Setup.exe" -l0x9
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
Matlab PlugIn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCE3C2E8-1874-48CF-91C8-131C7293C617}\Setup.exe" -l0x9
MATLAB R2007a-->C:\Program Files\MATLAB\R2007a\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007a\
Matrix-ks-->"C:\Program Files\KellySoftware\Matrix-ks\Uninstall.exe" "C:\Program Files\KellySoftware\Matrix-ks\install.log"
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Streets & Trips 2008-->MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
ModelCenter 7.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{941BFACE-E4F4-46F5-AA7F-9761D1B9C904}\setup.exe" -l0x9 -removeonly
MortSaver-->C:\Program Files\Microsoft ActiveSync\MortSaver\Uninstall.exe MortSaver
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag V.2.32a-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Need for Speed Underground 2-->F:\NFSU2\EAUninstall.exe
Need for Speed Carbon Demo-->F:\NFSCarbon\EAUninstall.exe
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Notes Explorer-->C:\Program Files\Microsoft ActiveSync\Notes Explorer\Uninstall.exe Notes Explorer
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
Optimization Package 2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{066FC207-3165-4174-98E6-9DE252302015}\Setup.exe" -l0x9
PhotoFrame-->C:\Program Files\InstallShield Installation Information\{55248120-7F22-4EB1-AC00-560DBA88F5D2}\setup.exe -runfromtemp -l0x0009 -removeonly
Photohands 1.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.4.2-->MsiExec.exe /I{B191E49C-EA23-43B2-B28A-14E0784069B8}
QSuite 2.0-->"C:\Program Files\QSuite\unins000.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RC Helicopter-->F:\RCHELI~1\UNWISE.EXE F:\RCHELI~1\INSTALL.LOG
RealFlight G3 R/C Simulator-->C:\Program Files\Common Files\KnifeEdge\Launcher.exe REALFLIGHT3
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Richard Burns Rally-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92C7D009-A464-4948-A980-7A3E28CB2F49}\setup.exe" -l0x9
RSMToolkit 1.2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E87CF561-F145-407A-A0C7-81571FCF7980}\Setup.exe" -l0x9
SAPI Wrapper-->MsiExec.exe /I{96172E04-BB14-45F6-A77B-8EE7A421B903}
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SolidWorks 2006 SP0-->MsiExec.exe /I{7745E24A-84A9-4754-9FFD-8FBE12CA0200}
Sony Ericsson PC Suite for Smartphones-->MsiExec.exe /I{BDF01220-453E-4003-B7DA-957D140257F1}
Sony Ericsson Symbian 9 Drivers-->C:\Program Files\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Steam-->H:\Steam\UNWISE.EXE H:\Steam\INSTALL.LOG
StrokeIt (remove only)-->"C:\Program Files\Strokeit\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\WidgetEngine\UnixUtils\uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast Entertainment Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"
WinFast PVR2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe" -l0x9 -removeonly
WinLauncherXP 2.0.5 beta-->"C:\Program Files\WinLauncherXP\unins000.exe"
WinRAR 3.42-->C:\Program Files\WinRAR\Uninstal.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\WIDGET~1\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\program files\microsoft sql server\80\tools\binn;c:\program files\common files\adobe\agl;c:\program files\quicktime\qtsystem;c:\program files\amd\mcat;c:\program files\common files\teleca shared;c:\program files\intuwave\shared\mrouterruntime;C:\Program Files\MATLAB\R2007a\bin;C:\Program Files\MATLAB\R2007a\bin\win32;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"PRO_COMM_MSG_EXE"=C:\Program Files\proeWildfire 2.0\i486_nt\obj\pro_comm_msg.exe
"PROE_START_CMD"=C:\Program Files\proeWildfire 2.0\bin\proe1.bat
"AWP_ROOT100"=C:\Program Files\ANSYS Inc\v100
"AWP_LOCALE100"=en-us
"ANSYS_SYSDIR"=Intel
"ANSYS_SYSDIR32"=Intel
"CADOE_LIBDIR100"=C:\Program Files\ANSYS Inc\v100\CommonFiles\Language\en-us
"DEFAULT_CA_NR"=CA8
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

-----------------EOF-----------------


LOG.TXT

Logfile of random's system information tool 1.04 (written by random/random)
Run by Mohit Kapur at 2008-10-03 13:58:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (14%) free of 51 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58, on 10/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\EPoX\USDM\USDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Strokeit\strokeit.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\MOHITK~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mohit Kapur\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mohit Kapur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Program Files\proeWildfire 2.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://www.dlpe-tegrity2.gatech.edu/tegrit.../DRMActiveX.CAB
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222703195546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187551437451
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://civl3104acam1.ecn.purdue.edu/active...sCamControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.merasnap.com/activex/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: iiipki.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Analysis Server - Unknown owner - C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13299 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2008-04-13 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-04-13 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2008-04-13 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2004-02-02 1744896]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"EPoXUSDM"=C:\Program Files\EPoX\USDM\USDM.EXE [2005-06-17 1297408]
"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2007-07-27 409600]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"=C:\Program Files\Strokeit\strokeit.exe [2005-02-17 21504]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ktlijlyv]
C:\Program Files\Common Files\??pPatch\csrss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-03-08 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="iiipki.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2004-02-02 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Steam\Steam.exe"="F:\Steam\Steam.exe:*:Enabled:Steam"
"F:\Steam\SteamApps\superman27884@yahoo.com\counter-strike\hl.exe"="F:\Steam\SteamApps\superman27884@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Steam\SteamApps\superman27884@yahoo.com\day of defeat\hl.exe"="F:\Steam\SteamApps\superman27884@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"F:\Red Storm Entertainment\RavenShield\system\UCC.exe"="F:\Red Storm Entertainment\RavenShield\system\UCC.exe:*:Enabled:UCC"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\System Mechanic 5 Professional\Search and Recover\SearchandRecover.exe"="C:\Program Files\System Mechanic 5 Professional\Search and Recover\SearchandRecover.exe:*:Disabled:Search and Recover 2"
"C:\Program Files\System Mechanic 5 Professional\System Shield\SystemShield.exe"="C:\Program Files\System Mechanic 5 Professional\System Shield\SystemShield.exe:*:Disabled:Start System Shield"
"C:\Program Files\System Mechanic 5 Professional\SysMech5.exe"="C:\Program Files\System Mechanic 5 Professional\SysMech5.exe:LocalSubNet:Disabled:Start System Mechanic 5 Professional"
"C:\Program Files\System Mechanic 5 Professional\SMUtilityBar.exe"="C:\Program Files\System Mechanic 5 Professional\SMUtilityBar.exe:LocalSubNet:Disabled:System Mechanic 5 Utility Bar"
"C:\Program Files\System Mechanic 5 Professional\StartupGuard.exe"="C:\Program Files\System Mechanic 5 Professional\StartupGuard.exe:*:Disabled:System Mechanic 5 Startup Guard"
"C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe"="C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe:*:Disabled:Task_Agent.exe"
"C:\Program Files\System Mechanic 5 Professional\Search and Recover\DiskImageService.exe"="C:\Program Files\System Mechanic 5 Professional\Search and Recover\DiskImageService.exe:*:Disabled:DiskImageService.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe"="C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe:LocalSubNet:Disabled:Adobe Photoshop CS2"
"F:\Call of Duty 2\cod2mp_s.exe"="F:\Call of Duty 2\cod2mp_s.exe:*:Disabled:Call of Duty® 2 Multiplayer"
"F:\Call of Duty 2\cod2sp_s.exe"="F:\Call of Duty 2\cod2sp_s.exe:*:Disabled:Call of Duty® 2 Single Player"
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe:LocalSubNet:Disabled:Acrobat.exe"
"C:\Program Files\Adobe\Adobe Bridge\Bridge.exe"="C:\Program Files\Adobe\Adobe Bridge\Bridge.exe:LocalSubNet:Disabled:Adobe Bridge"
"C:\Program Files\Adobe\Adobe Help Center\ahc.exe"="C:\Program Files\Adobe\Adobe Help Center\ahc.exe:LocalSubNet:Disabled:Adobe Help Center"
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe:LocalSubNet:Disabled:AdobeUpdateManager.exe"
"F:\Steam\SteamApps\superman27884@yahoo.com\team fortress classic\hl.exe"="F:\Steam\SteamApps\superman27884@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"F:\NFSU2\SPEED2.EXE"="F:\NFSU2\SPEED2.EXE:*:Disabled:Need for Speed Underground 2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"F:\Steam\SteamApps\superman27884@yahoo.com\deathmatch classic\hl.exe"="F:\Steam\SteamApps\superman27884@yahoo.com\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Red Storm Entertainment\RavenShield\system\RavenShield.exe"="F:\Red Storm Entertainment\RavenShield\system\RavenShield.exe:*:Enabled:RavenShield"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Steam\SteamApps\quest_counter\condition zero\hl.exe"="F:\Steam\SteamApps\quest_counter\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Steam\SteamApps\quest_counter\counter-strike\hl.exe"="F:\Steam\SteamApps\quest_counter\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"F:\Steam\SteamApps\superman27884@yahoo.com\half-life\hl.exe"="F:\Steam\SteamApps\superman27884@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe"="C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe"="C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe:*:Enabled:aserver"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\Crysis\Bin32\Crysis.exe"="F:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"F:\Crysis\Bin32\CrysisDedicatedServer.exe"="F:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe"
"C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe"
"C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe"
"C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe"
"C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe"
"C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe"="C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe"
"C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe"="C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe"
"C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe"="C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe"
"C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe"="C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797114b8-3fae-11db-85a4-000461942e0a}]
shell\AutoRun\command - L:\LaunchU3.exe


======List of files/folders created in the last 3 months======

2008-10-03 13:58:38 ----D---- C:\rsit
2008-10-03 13:28:54 ----D---- C:\WINDOWS\LastGood
2008-10-02 18:54:13 ----D---- C:\WINDOWS\Prefetch
2008-10-02 18:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-02 18:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-02 18:50:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-02 18:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-02 18:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-02 18:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-02 18:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-02 18:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-02 18:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-02 18:48:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-02 18:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-02 18:48:13 ----D---- C:\WINDOWS\LastGood.Tmp
2008-10-02 18:43:51 ----D---- C:\WINDOWS\system32\scripting
2008-10-02 18:43:51 ----D---- C:\WINDOWS\l2schemas
2008-10-02 18:43:50 ----D---- C:\WINDOWS\system32\en
2008-09-29 18:23:33 ----A---- C:\WINDOWS\system32\Dvbpws.dll
2008-09-29 14:34:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-29 14:34:30 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-29 14:34:28 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-29 14:34:28 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-29 14:34:18 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-29 14:34:00 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-29 14:33:51 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-29 14:33:50 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-29 14:33:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-29 14:33:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-29 14:33:49 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-29 14:33:47 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-29 14:33:41 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-29 14:33:30 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-29 14:33:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-29 14:33:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-29 14:33:29 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-29 14:33:29 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-29 14:33:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-29 14:33:24 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-29 14:33:09 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-29 14:33:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-29 14:33:09 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-29 14:33:08 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-29 14:32:41 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-29 14:32:39 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-29 14:32:36 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-29 14:32:36 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-29 14:32:35 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-29 14:32:34 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-29 14:31:57 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-29 14:31:56 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-29 14:31:07 ----A---- C:\WINDOWS\006111_.tmp
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-29 14:31:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-29 14:31:00 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-29 14:31:00 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-29 14:30:49 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-29 14:30:44 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-29 14:30:44 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-29 14:30:42 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-29 14:30:34 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-29 14:30:14 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-29 14:30:13 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-29 13:52:22 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\Malwarebytes
2008-09-29 13:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-29 13:52:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-29 13:33:33 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-29 13:33:33 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-29 13:33:33 ----A---- C:\WINDOWS\system32\java.exe
2008-09-29 13:32:48 ----D---- C:\Program Files\Common Files\Java
2008-09-28 15:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-28 14:50:11 ----D---- C:\Program Files\Trend Micro
2008-09-28 13:49:49 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-28 13:45:42 ----D---- C:\WINDOWS\nview
2008-09-28 13:45:42 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-28 13:33:05 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\SystemRequirementsLab
2008-09-28 03:27:48 ----SHD---- C:\RECYCLER
2008-09-28 02:35:35 ----SH---- C:\WINDOWS\system32\lvdheasp.ini
2008-09-28 02:19:47 ----A---- C:\ComboFix.txt
2008-09-28 02:19:17 ----SH---- C:\WINDOWS\system32\bpsijqpe.ini
2008-09-28 01:52:06 ----A---- C:\Boot.bak
2008-09-28 01:51:52 ----D---- C:\cmdcons
2008-09-28 01:50:26 ----D---- C:\QooBox
2008-09-28 01:50:25 ----A---- C:\WINDOWS\swreg.exe
2008-09-28 01:50:25 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\zip.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\VFind.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\SWSC.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\sed.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\grep.exe
2008-09-28 01:50:24 ----A---- C:\WINDOWS\fdsv.exe
2008-09-27 14:33:50 ----SH---- C:\WINDOWS\system32\gibwfdcy.ini
2008-09-17 13:01:42 ----D---- C:\WINDOWS\erdnt
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-09-16 23:54:10 ----A---- C:\WINDOWS\system32\e76d465a-.txt
2008-09-16 23:44:39 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\TmpRecentIcons
2008-09-11 21:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-11 21:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 19:15:17 ----D---- C:\Documents and Settings\All Users\Application Data\tslifejc
2008-09-05 21:04:14 ----D---- C:\Program Files\SystemRequirementsLab
2008-09-05 21:02:02 ----D---- C:\Program Files\NVIDIA nTune Performance Application
2008-08-24 13:59:37 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\IEPro
2008-08-24 13:59:09 ----D---- C:\Program Files\IEPro
2008-08-15 16:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-15 16:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-15 16:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 16:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-15 16:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 16:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-15 16:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-15 12:28:22 ----D---- C:\WINDOWS\Cache
2008-08-15 12:28:20 ----D---- C:\Program Files\Coupons
2008-08-08 23:42:47 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-07 23:37:04 ----D---- C:\Program Files\Lavasoft
2008-08-07 23:37:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-07 22:42:25 ----A---- C:\WINDOWS\wininit.ini
2008-07-28 14:24:43 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-07-28 14:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-28 00:53:05 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-07-28 00:12:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-07-28 00:12:34 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-07-28 00:12:33 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-07-24 13:07:19 ----D---- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$

======List of files/folders modified in the last 3 months======

2008-10-03 13:29:05 ----HD---- C:\WINDOWS\inf
2008-10-03 13:28:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-03 13:28:54 ----D---- C:\WINDOWS
2008-10-03 12:07:12 ----D---- C:\Program Files\Mozilla Firefox
2008-10-03 12:06:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-03 12:06:24 ----D---- C:\WINDOWS\Temp
2008-10-02 23:05:21 ----D---- C:\quarantine
2008-10-02 21:50:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-02 20:30:52 ----D---- C:\WINDOWS\system32
2008-10-02 18:58:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-02 18:57:14 ----SD---- C:\WINDOWS\Tasks
2008-10-02 18:56:53 ----A---- C:\WINDOWS\iTouch.ini
2008-10-02 18:56:38 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-02 18:55:03 ----A---- C:\WINDOWS\setuplog.txt
2008-10-02 18:54:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-02 18:53:08 ----RSD---- C:\WINDOWS\Fonts
2008-10-02 18:53:08 ----D---- C:\WINDOWS\system32\wbem
2008-10-02 18:53:08 ----D---- C:\WINDOWS\system32\Setup
2008-10-02 18:53:08 ----D---- C:\WINDOWS\AppPatch
2008-10-02 18:53:06 ----D---- C:\WINDOWS\system32\drivers
2008-10-02 18:52:21 ----D---- C:\WINDOWS\security
2008-10-02 18:52:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 18:51:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-02 18:51:45 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-02 18:48:51 ----D---- C:\Program Files\Messenger
2008-10-02 18:44:08 ----D---- C:\WINDOWS\WinSxS
2008-10-02 18:44:04 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-02 18:44:00 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-02 18:44:00 ----D---- C:\WINDOWS\network diagnostic
2008-10-02 18:44:00 ----D---- C:\WINDOWS\ime
2008-10-02 18:44:00 ----D---- C:\WINDOWS\Help
2008-10-02 18:43:52 ----D---- C:\WINDOWS\system32\usmt
2008-10-02 18:43:52 ----D---- C:\WINDOWS\system32\en-US
2008-10-02 18:43:50 ----D---- C:\WINDOWS\system32\bits
2008-10-02 18:43:50 ----D---- C:\WINDOWS\peernet
2008-10-02 18:43:50 ----D---- C:\Program Files\Movie Maker
2008-10-02 18:41:18 ----D---- C:\WINDOWS\system32\Restore
2008-10-02 18:41:17 ----D---- C:\WINDOWS\system32\npp
2008-10-02 18:41:16 ----D---- C:\WINDOWS\msagent
2008-10-02 18:41:15 ----D---- C:\WINDOWS\srchasst
2008-10-02 18:41:14 ----D---- C:\Program Files\NetMeeting
2008-10-02 18:41:12 ----D---- C:\WINDOWS\system32\Com
2008-10-02 18:41:10 ----D---- C:\Program Files\Windows NT
2008-10-02 18:41:10 ----D---- C:\Program Files\Windows Media Player
2008-10-02 18:41:09 ----D---- C:\Program Files\Outlook Express
2008-10-02 18:41:08 ----D---- C:\Program Files\Common Files\System
2008-10-02 18:40:54 ----D---- C:\WINDOWS\system32\oobe
2008-10-02 18:40:53 ----D---- C:\WINDOWS\system
2008-10-02 18:38:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-02 18:38:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-02 18:36:12 ----D---- C:\WINDOWS\EHome
2008-09-29 13:54:15 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\Mozilla
2008-09-29 13:52:18 ----RD---- C:\Program Files
2008-09-29 13:33:46 ----SHD---- C:\WINDOWS\Installer
2008-09-29 13:33:34 ----D---- C:\Config.Msi
2008-09-29 13:33:32 ----D---- C:\Program Files\Java
2008-09-29 13:32:48 ----D---- C:\Program Files\Common Files
2008-09-29 11:46:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-28 17:45:19 ----D---- C:\WINDOWS\Minidump
2008-09-28 13:22:52 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-28 13:19:11 ----RASH---- C:\boot.ini
2008-09-28 13:19:11 ----A---- C:\WINDOWS\win.ini
2008-09-28 13:19:11 ----A---- C:\WINDOWS\system.ini
2008-09-28 12:53:48 ----SHD---- C:\System Volume Information
2008-09-28 01:57:22 ----D---- C:\WINDOWS\system32\config
2008-09-24 19:09:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-23 23:28:19 ----D---- C:\WINDOWS\Debug
2008-09-19 20:20:25 ----D---- C:\temp
2008-09-17 09:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 23:44:01 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\dvdcss
2008-09-16 21:27:12 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-06 17:56:19 ----D---- C:\Documents and Settings\All Users\Application Data\ModelCenter
2008-09-06 17:56:19 ----A---- C:\WINDOWS\ModelCenter.INI
2008-09-05 21:03:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-03 12:25:52 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\TrueCrypt
2008-08-26 16:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-15 17:56:42 ----D---- C:\Program Files\Internet Explorer
2008-08-07 23:36:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 23:00:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-07 23:00:30 ----D---- C:\Documents and Settings\Mohit Kapur\Application Data\Lavasoft
2008-07-28 00:12:32 ----D---- C:\WINDOWS\system32\LogFiles
2008-07-28 00:12:28 ----D---- C:\WINDOWS\system32\DirectX
2008-07-27 23:42:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:08:04 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-07 16:26:58 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2004-05-29 9728]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-05-18 223424]
R2 CX23880;WinFast CX2388x WDM Video Capture.; C:\WINDOWS\system32\drivers\cx88vid.sys [2006-10-18 162944]
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.; C:\WINDOWS\system32\drivers\cxavxbar.sys [2006-10-18 9728]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2006-10-18 50816]
R2 EPoXUSDM;EPoXUSDM; C:\WINDOWS\system32\drivers\EPoXUSDM.sys [2005-06-16 6656]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\amdtools.sys [2006-06-27 31744]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000); C:\WINDOWS\System32\Drivers\FLMckUSB.sys [2004-03-17 67159]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-12-17 14095]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\Drivers\LMouFlt2.sys [2003-12-17 70801]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-10-05 18167]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM); C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-07-25 53408]
S1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys []
S2 hwmdr;hwmdr; C:\WINDOWS\system32\drivers\hwmdr.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-04 3797632]
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\MOHITK~1\LOCALS~1\Temp\AMDPCI.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CA561;ICatch VI PC CAMERA; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2004-11-29 122928]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CSRBC01;CSRBC01.Sys CSR test driver; C:\WINDOWS\System32\Drivers\CSRBC01.sys [2006-09-15 86902]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys []
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EPScanMemory;EPScanMemory; \??\C:\Program Files\EPoX\EPTP\ScanMemory32.sys []
S3 FTDIBUS;SEMC DSS SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys []
S3 FTLUND;Lundinova Filter Driver; C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 6828]
S3 FTSER2K;SEMC DSS SyncStation Driver; C:\WINDOWS\system32\drivers\ftser2k.sys []
S3 hcdriver;EHCI; C:\WINDOWS\System32\Drivers\hcdriver.sys [2003-04-25 46080]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2004-03-10 12953]
S3 L8042PR2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\Drivers\l8042pr2.sys [2003-12-17 51729]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32\Drivers\LMouKE.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-07-20 9728]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-12-14 551680]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SoC PC-Camera Service;Mini-Cam USB Camera (SC-120); C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-03-24 138396]
S3 SQTECH913D;Photo Frame; C:\WINDOWS\System32\Drivers\Capt8080.sys [2007-03-24 16640]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-10-05 47104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WINFLASH;WINFLASH; \??\C:\Program Files\EPOX\Magic BIOS\WinFlash.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-07 611664]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2007-02-22 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2007-02-22 54872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-05-25 9154560]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2004-02-02 68704]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-28 66872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-01-22 72704]
S3 Analysis Server;Analysis Server; C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe [2006-06-15 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 138680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE []

-----------------EOF-----------------

#8 SifuMike


Posted 03 October 2008 - 05:22 PM

I see that you ran ComboFix on your own. :thumbsup:
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

Post the C:\ComboFix.txt log

#9 mcap


Posted 03 October 2008 - 05:37 PM

Thanks for the reply.

Yea, unfortunately a buddy of mine (who claims to have experience with malware) looked over my comp and tried to fix it over the weekend. I believe he uninstalled it after using it. However there is still a Combofix folder in the C: drive with 2 files CF13784.exe and nirmcd.com. Can you tell if its use has affected/harmed my system in any way?

Btw, after using MBAM earlier today, Windows Automatic Updates started working correctly. And I haven't noticed popups since then. Do you think my system is clean now?

I am waiting for the all clear before I uninstall my existing antivirus and try one of the 3 you mentioned earlier.

The Combofix.txt log file is also still there in C: and I have pasted it below:

ComboFix 08-09-27.01 - Mohit Kapur 2008-09-28 1:52:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1419 [GMT -4:00]
Running from: C:\Documents and Settings\Mohit Kapur\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mohit Kapur\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mohit Kapur\Application Data\TSKS~1
C:\Documents and Settings\Mohit Kapur\Application Data\TSKS~1\regedit.exe
C:\Documents and Settings\Mohit Kapur\Application Data\TSKS~1\T?sks\
C:\Program Files\Common Files\ppatch~1
C:\WINDOWS\BMef7db1b8.txt
C:\WINDOWS\BMef7db1b8.xml
C:\WINDOWS\faceback.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-27 14:33 . 2008-09-27 14:33 986,883 ---hs---- C:\WINDOWS\system32\gibwfdcy.ini
2008-09-27 14:33 . 2008-09-27 14:33 128,000 --a------ C:\WINDOWS\system32\ohvdzf.dll
2008-09-27 14:33 . 2008-09-27 14:33 128,000 --a------ C:\WINDOWS\system32\bfsrcnjw.dll
2008-09-27 14:32 . 2008-09-27 14:32 317,440 --a------ C:\WINDOWS\system32\rqRJywvW.dll
2008-09-27 14:32 . 2008-09-28 01:52 15,809 --ahs---- C:\WINDOWS\system32\WvwyJRqr.ini2
2008-09-27 14:32 . 2008-09-28 01:52 15,809 --ahs---- C:\WINDOWS\system32\WvwyJRqr.ini
2008-09-27 14:27 . 2008-09-27 14:27 29,184 --------- C:\WINDOWS\system32\opnmmKCt.dll
2008-09-23 23:28 . 2008-09-23 23:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-16 23:44 . 2008-09-16 23:44 <DIR> d-------- C:\Documents and Settings\Mohit Kapur\Application Data\TmpRecentIcons
2008-09-10 12:22 . 2008-09-10 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\American Express Online Assistant
2008-09-09 19:15 . 2008-09-14 06:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\tslifejc
2008-09-08 21:23 . 2008-09-27 14:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-08 21:23 . 2008-09-08 21:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-05 21:04 . 2008-09-05 21:04 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-05 21:02 . 2008-09-05 21:02 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 21:48 --------- d-----w C:\Program Files\Java
2008-09-26 02:21 --------- d-----w C:\Program Files\IEPro
2008-09-24 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-24 23:03 --------- d-----w C:\Documents and Settings\Mohit Kapur\Application Data\IEPro
2008-09-17 03:44 --------- d-----w C:\Documents and Settings\Mohit Kapur\Application Data\dvdcss
2008-09-07 16:23 5,700 ----a-w C:\Documents and Settings\Mohit Kapur\FMCodec.dat
2008-09-06 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ModelCenter
2008-09-06 01:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 16:25 --------- d-----w C:\Documents and Settings\Mohit Kapur\Application Data\TrueCrypt
2008-08-30 18:03 --------- d-----w C:\Program Files\Coupons
2008-08-30 05:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-19 23:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-09 03:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-08 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-08 03:37 --------- d-----w C:\Program Files\Lavasoft
2008-08-08 03:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-08 03:00 --------- d-----w C:\Documents and Settings\Mohit Kapur\Application Data\Lavasoft
2008-07-28 04:13 22,328 ----a-w C:\Documents and Settings\Mohit Kapur\Application Data\PnkBstrK.sys
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-11-01 04:33 23 --sha-w C:\WINDOWS\system32\ecdadbe4_g.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A35A8A7-A083-4120-9931-CE69F0C2AEEF}]
2008-09-27 14:32 317440 --a------ C:\WINDOWS\system32\rqRJywvW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{453F51E8-FEF5-4C54-B136-944BF434360C}]
2008-09-27 14:27 29184 --------- C:\WINDOWS\system32\opnmmKCt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C81369F-D8C9-4386-9559-ED594A4E12E4}]
2008-09-28 02:06 317440 --a------ C:\WINDOWS\system32\xxyayASk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ee517891-6c6a-4258-b58c-20452d77dc36}]
2008-09-27 14:33 128000 --a------ C:\WINDOWS\system32\ohvdzf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"="C:\Program Files\Strokeit\strokeit.exe" [2005-02-17 21504]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2004-02-02 1744896]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"EPoXUSDM"="C:\Program Files\EPoX\USDM\USDM.EXE" [2005-06-17 1297408]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 8491008]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"BMef7db1b8"="C:\WINDOWS\system32\wgrfsrec.dll" [2008-09-28 105984]
"ec4e8224"="C:\WINDOWS\system32\epqjispb.dll" [2008-09-28 71168]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-09-17 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-09-17 C:\WINDOWS\system32\nvmctray.dll]

C:\Documents and Settings\Mohit Kapur\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe [2007-07-20 2913584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{453F51E8-FEF5-4C54-B136-944BF434360C}"= "C:\WINDOWS\system32\opnmmKCt.dll" [2008-09-27 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2004-02-02 13:19 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmKCt]
2008-09-27 14:27 29184 C:\WINDOWS\system32\opnmmKCt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ohvdzf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= mcmjpg32.dll
"vidc.dmb1"= mcmjpg32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\xxyayASk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ktlijlyv]
C:\Program Files\Common Files\??pPatch\csrss.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-03-08 13:02 155648 C:\Program Files\QuickTime\qttask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[ˆ־`=˜v%S8’>grl>\†=Ÿ۱"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"F:\\Steam\\Steam.exe"=
"F:\\Steam\\SteamApps\\superman27884@yahoo.com\\counter-strike\\hl.exe"=
"F:\\Steam\\SteamApps\\superman27884@yahoo.com\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Red Storm Entertainment\\RavenShield\\system\\UCC.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\System Mechanic 5 Professional\\Search and Recover\\SearchandRecover.exe"=
"C:\\Program Files\\System Mechanic 5 Professional\\System Shield\\SystemShield.exe"=
"C:\\Program Files\\System Mechanic 5 Professional\\StartupGuard.exe"=
"C:\\Program Files\\iolo\\Common\\Task Agent\\Task_Agent.exe"=
"C:\\Program Files\\System Mechanic 5 Professional\\Search and Recover\\DiskImageService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"F:\\Call of Duty 2\\cod2mp_s.exe"=
"F:\\Call of Duty 2\\cod2sp_s.exe"=
"F:\\Steam\\SteamApps\\superman27884@yahoo.com\\team fortress classic\\hl.exe"=
"F:\\NFSU2\\SPEED2.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Steam\\SteamApps\\superman27884@yahoo.com\\deathmatch classic\\hl.exe"=
"F:\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Steam\\SteamApps\\quest_counter\\condition zero\\hl.exe"=
"F:\\Steam\\SteamApps\\quest_counter\\counter-strike\\hl.exe"=
"F:\\Steam\\SteamApps\\superman27884@yahoo.com\\half-life\\hl.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Phoenix Integration\\Analysis Server 5.1\\aserver.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"F:\\Crysis\\Bin32\\Crysis.exe"=
"F:\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys [2007-06-01 215856]
R2 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-11-28 27072]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys [2006-06-27 31744]
R3 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);C:\WINDOWS\system32\Drivers\FLMckUSB.sys [2004-03-17 67159]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 14095]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-07-25 53408]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys [ ]
S3 Analysis Server;Analysis Server;C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe [2006-06-15 73728]
S3 CSRBC01;CSRBC01.Sys CSR test driver;C:\WINDOWS\system32\Drivers\CSRBC01.sys [2006-09-15 86902]
S3 EPScanMemory;EPScanMemory;C:\Program Files\EPoX\EPTP\ScanMemory32.sys [ ]
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2004-01-19 6828]
S3 hcdriver;EHCI;C:\WINDOWS\system32\Drivers\hcdriver.sys [2003-04-25 46080]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-12-14 551680]
S3 SQTECH913D;Photo Frame;C:\WINDOWS\system32\Drivers\Capt8080.sys [2007-03-24 16640]
S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [ ]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797114b8-3fae-11db-85a4-000461942e0a}]
\Shell\AutoRun\command - L:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
HKLM-Run-NVIDIA nTune - C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe
MSConfigStartUp-GetModule23 - C:\Program Files\GetModule\GetModule23.exe
MSConfigStartUp-VnrBlock21 - C:\Program Files\VnrBlock\VnrBlock21.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mohit Kapur\Application Data\Mozilla\Firefox\Profiles\kscmhn5a.default\
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvlc.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 02:00:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\xxyayASk.dll 317440 bytes executable
C:\WINDOWS\system32\kSAyayxx.ini 346 bytes
C:\WINDOWS\system32\kSAyayxx.ini2

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
-> C:\WINDOWS\system32\opnmmKCt.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\epqjispb.dll
-> C:\WINDOWS\system32\wgrfsrec.dll
-> ?:\WINDOWS\system32\urlmon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\omniServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softex\OmniPass\Help.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 2:19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 06:19:42
ComboFix2.txt 2008-09-17 17:29:29

Pre-Run: 10,464,030,720 bytes free
Post-Run: 10,594,025,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

278 --- E O F --- 2008-09-23 22:21:48

Edited by mcap, 03 October 2008 - 05:39 PM.


#10 SifuMike


Posted 04 October 2008 - 11:41 AM

Yea, unfortunately a buddy of mine (who claims to have experience with malware) looked over my comp and tried to fix it over the weekend. I believe he uninstalled it after using it.


Tell your "buddy" not to use a tool he knows nothing about. It is not a toy and is NOT to be used by the general public.



Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post.

If the file is too big to post, then you can upload it to me here.
Let me know when you post it.

#11 mcap


Posted 04 October 2008 - 01:29 PM

Thanks a lot once again. Yeah, safe to say that *@#$&* guy is not getting close to my comp again.

I have pasted the entire OTScanIt log report below:


OTScanIt logfile created on: 10/4/2008 14:15:06
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Mohit Kapur\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.30% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;F:\pagefile.sys 1024 2092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 11.33 Gb Free Space | 22.65% Space Free | Partition Type: NTFS
Drive D: | 91.44 Gb Total Space | 0.46 Gb Free Space | 0.51% Space Free | Partition Type: NTFS
Drive E: | 91.43 Gb Total Space | 3.58 Gb Free Space | 3.92% Space Free | Partition Type: NTFS
Drive F: | 50.00 Gb Total Space | 2.44 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive G: | 91.44 Gb Total Space | 2.71 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive H: | 91.43 Gb Total Space | 1.37 Gb Free Space | 1.50% Space Free | Partition Type: NTFS
Drive I: | 98.14 Gb Total Space | 1.02 Gb Free Space | 1.04% Space Free | Partition Type: NTFS
Drive J: | 87.16 Gb Total Space | 0.11 Gb Free Space | 0.12% Space Free | Partition Type: NTFS
Drive K: | 47.58 Gb Total Space | 0.55 Gb Free Space | 1.16% Space Free | Partition Type: NTFS
Drive M: | 5.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOHITCAP1
Current User Name: Mohit Kapur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 4/6/2005 16:03:28 | Attr =	]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\omniServ.exe ->  [Ver =  | Size = 68704 bytes | Modified Date = 2/2/2004 16:33:40 | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 7/28/2008 00:12:34 | Attr =	]
opxpapp.exe -> %ProgramFiles%\Softex\OmniPass\OPXPApp.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 2/2/2004 13:19:28 | Attr =	]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 09:33:26 | Attr =	]
scureapp.exe -> %ProgramFiles%\Softex\OmniPass\scureapp.exe ->  [Ver = 1, 0, 0, 1 | Size = 1744896 bytes | Modified Date = 2/2/2004 16:25:56 | Attr =	]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 09:50:00 | Attr =	]
usdm.exe -> %ProgramFiles%\EPoX\USDM\USDM.EXE -> EPoX COMPUTER CO.,LTD. [Ver = 3.0.11.28 | Size = 1297408 bytes | Modified Date = 6/17/2005 10:54:52 | Attr =	]
help.exe -> %ProgramFiles%\Softex\OmniPass\Help.exe ->  [Ver = 1, 0, 0, 1 | Size = 249856 bytes | Modified Date = 2/2/2004 13:52:50 | Attr =	]
wfwiz.exe -> %ProgramFiles%\WinFast\WFDTV\WFWIZ.exe -> Leadtek Research Inc. [Ver = 5.13.01.2007-0727 | Size = 409600 bytes | Modified Date = 7/27/2007 18:09:02 | Attr =	]
opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpWareSE4.exe -> Nuance Communications, Inc. [Ver = 15.2.6606.1 | Size = 79400 bytes | Modified Date = 2/4/2007 12:02:14 | Attr =	]
strokeit.exe -> %ProgramFiles%\Strokeit\strokeit.exe ->  [Ver = .9.5 | Size = 21504 bytes | Modified Date = 2/17/2005 15:13:10 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/22/2006 02:43:17 | Attr =	]
(Analysis Server) Analysis Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Phoenix Integration\Analysis Server 5.1\aserver.exe ->  [Ver =  | Size = 73728 bytes | Modified Date = 6/15/2006 10:42:52 | Attr =	]
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 4/6/2005 16:03:28 | Attr =	]
(LBTServ) Logitech Bluetooth Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Logitech\Bluetooth\LBTSERV.EXE -> File not found
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\omniServ.exe ->  [Ver =  | Size = 68704 bytes | Modified Date = 2/2/2004 16:33:40 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 7/28/2008 00:12:34 | Attr =	]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 12/13/2004 05:34:32 | Attr =	]

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.5.3.0 [Kernel | Auto | Stopped] -> %SystemRoot%\System32\DRIVERS\AegisP.sys -> File not found
(AmdAcpi) AmdAcpi Bus Filter Driver [Kernel | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\AmdAcpi.sys -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 7/1/2006 22:39:40 | Attr =	]
(AMDPCI) AMDPCI [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\MOHITK~1\LOCALS~1\Temp\AMDPCI.sys -> File not found
(AmdPPM) AMD HwPState Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\DRIVERS\AmdPPM.sys -> File not found
(amdtools) AMD Special Tools Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AmdTools.sys -> AMD, Inc. [Ver = 1.5.0.0 | Size = 31744 bytes | Modified Date = 6/27/2006 14:24:16 | Attr =	]
(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\blueletaudio.sys -> IVT Corporation [Ver = 1.2 | Size = 20480 bytes | Modified Date = 5/31/2005 15:40:20 | Attr =	]
(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BtNetDrv.sys -> IVT Corporation [Ver = 1.2.0 | Size = 10804 bytes | Modified Date = 4/30/2005 14:48:58 | Attr =	]
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\btaudio.sys -> File not found
(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\btcusb.sys -> IVT Corporation [Ver = 2.0.0 | Size = 23000 bytes | Modified Date = 5/31/2005 09:42:28 | Attr =	]
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btport.sys -> File not found
(BTHidEnum) Bluetooth HID Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vbtenum.sys ->  [Ver =  | Size = 11860 bytes | Modified Date = 4/30/2005 14:50:20 | Attr =	]
(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\BTHidMgr.sys -> IVT Corporation [Ver = 1.2.2.0 | Size = 28271 bytes | Modified Date = 4/30/2005 14:50:10 | Attr =	]
(BTNetFilter) Bluetooth Network Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BTNetFilter.sys ->  [Ver =  | Size = 13304 bytes | Modified Date = 12/16/2004 16:32:54 | Attr =	]
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btwdndis.sys -> File not found
(btwhid) btwhid [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btwhid.sys -> File not found
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\btwusb.sys -> File not found
(CA561) ICatch VI PC CAMERA [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SPCA561.SYS -> SP [Ver = 1.0.7.8 | Size = 122928 bytes | Modified Date = 11/29/2004 18:51:52 | Attr =	]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(CSRBC01) CSRBC01.Sys CSR test driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\csrbc01.sys -> CSR [Ver = 1.20a | Size = 86902 bytes | Modified Date = 9/15/2006 11:11:06 | Attr =	]
(CX23880) WinFast CX2388x WDM Video Capture. [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cx88vid.sys -> Leadtek Research Inc. [Ver = 4.0.107.3210 built by: Leadtek | Size = 162944 bytes | Modified Date = 10/18/2006 11:37:26 | Attr =	]
(CXAVXBAR) WinFast CX2388x WDM Crossbar. [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cxavxbar.sys -> Leadtek Research Inc. [Ver = 4.0.107.3210 built by: Leadtek | Size = 9728 bytes | Modified Date = 10/18/2006 11:38:38 | Attr =	]
(CXTUNE) WinFast CX2388x WDM TVTuner. [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\cx88tune.sys -> Leadtek Research Inc. [Ver = 4.0.107.3210 built by: Leadtek | Size = 50816 bytes | Modified Date = 10/18/2006 11:37:56 | Attr =	]
(d347bus) d347bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347bus.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 155136 bytes | Modified Date = 8/22/2004 17:31:10 | Attr =	]
(d347prt) d347prt [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d347prt.sys ->   [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 8/22/2004 17:31:48 | Attr =	]
(DFUBTUSB) WIDCOMM USB Bluetooth Driver in DFU State [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\frmupgr.sys -> File not found
(DSDrv4) DSDrv4 [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -> File not found
(EPoXUSDM) EPoXUSDM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\EPoXUSDM.SYS ->  [Ver =  | Size = 6656 bytes | Modified Date = 6/16/2005 19:40:10 | Attr =	]
(EPScanMemory) EPScanMemory [Kernel | On_Demand | Stopped] -> %ProgramFiles%\EPoX\EPTP\ScanMemory32.sys -> File not found
(FileDisk) FileDisk [Kernel | System | Running] -> %SystemRoot%\System32\drivers\filedisk.sys -> iolo technologies, LLC (based on original work by Bo Brantn) [Ver = 2.0 | Size = 9728 bytes | Modified Date = 5/29/2004 07:15:12 | Attr =	]
(FLMCKUSB) AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\FLMckUSB.sys -> AuthenTec, Inc. [Ver = 5.0.2033.3 | Size = 67159 bytes | Modified Date = 3/17/2004 12:59:44 | Attr =	]
(FTDIBUS) SEMC DSS SyncStation Serial Converter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ftdibus.sys -> File not found
(FTLUND) Lundinova Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ftlund.sys -> FTDI Ltd. [Ver = 1.00.05.1 | Size = 6828 bytes | Modified Date = 1/19/2004 16:27:26 | Attr =	]
(FTSER2K) SEMC DSS SyncStation Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ftser2k.sys -> File not found
(Hardlock) Hardlock [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\hardlock.sys -> Aladdin Knowledge Systems Ltd. [Ver = 3.33 | Size = 670208 bytes | Modified Date = 11/5/2004 11:08:06 | Attr =	]
(itchfltr) iTouch Keyboard Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\itchfltr.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 12953 bytes | Modified Date = 3/10/2004 14:42:24 | Attr =	]
(L8042PR2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 51729 bytes | Modified Date = 12/17/2003 10:50:00 | Attr =	]
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 14095 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 25505 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37887 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 70801 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\LMouKE.sys -> File not found
(n558) N558 Bluetooth USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\n558.sys -> Waytech Development, Inc. [Ver = 1.00.02.0.0 built by: WinDDK | Size = 9728 bytes | Modified Date = 7/20/2007 06:20:46 | Attr =	]
(PCASp50) PCASp50 NDIS Protocol Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PCASp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.05 | Size = 27072 bytes | Modified Date = 11/28/2006 21:46:20 | Attr =	]
(rt2870) Linksys 802.11n USB Wireless LAN Card Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt2870.sys -> Ralink Technology, Corp. [Ver = 1.01.00.0000 | Size = 551680 bytes | Modified Date = 12/14/2007 18:04:24 | Attr =	]
(Si3132r5) SiI-3132 SoftRaid 5 Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Si3132r5.sys -> Silicon Image, Inc [Ver = 1, 5, 18, 0 | Size = 215856 bytes | Modified Date = 6/1/2007 18:28:54 | Attr =	]
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.11 | Size = 17328 bytes | Modified Date = 5/25/2007 17:41:00 | Attr =	]
(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiRemFil.sys -> Silicon Image, Inc. [Ver = 1, 1, 7, 0 | Size = 12464 bytes | Modified Date = 5/25/2007 17:40:58 | Attr =	]
(SoC PC-Camera Service) Mini-Cam USB Camera (SC-120) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pfc027.sys ->  [Ver = 0.0.2.8 | Size = 138396 bytes | Modified Date = 3/24/2004 10:22:26 | Attr =	]
(SQTECH913D) Photo Frame [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Capt8080.sys -> Service & Quality Technology. [Ver = 0, 0, 0, 2 | Size = 16640 bytes | Modified Date = 3/24/2007 18:27:52 | Attr =	]
(truecrypt) truecrypt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\truecrypt.sys -> TrueCrypt Foundation [Ver = 5.1a | Size = 223424 bytes | Modified Date = 5/18/2008 01:13:06 | Attr =	]
(ULCDRHlp) ULCDRHlp [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ULCDRHlp.sys -> Ulead Systems, Inc. [Ver = 1, 0, 1, 10 | Size = 27392 bytes | Modified Date = 12/23/2004 17:27:56 | Attr =	]
(UltraMonMirror) UltraMonMirror [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UltraMonMirror.sys -> File not found
(VComm) Virtual Serial port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VComm.sys -> IVT Corporation [Ver = 2.20 | Size = 61312 bytes | Modified Date = 10/19/2004 13:37:38 | Attr =	]
(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 3/25/2005 17:18:48 | Attr =	]
(vsbus) Virtual Serial Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vsb.sys -> ELTIMA Software [Ver = 3.1.103 | Size = 18167 bytes | Modified Date = 10/5/2005 12:00:06 | Attr =	]
(vserial) ELTIMA Virtual Serial Ports Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vserial.sys -> ELTIMA Software [Ver = 3.1.103 | Size = 47104 bytes | Modified Date = 10/5/2005 12:00:06 | Attr =	]
(WFIOCTL) WFIOCTL [Kernel | On_Demand | Stopped] -> %ProgramFiles%\WinFast\WFTVFM\WFIOCTL.SYS -> File not found
(WINFLASH) WINFLASH [Kernel | On_Demand | Stopped] -> %ProgramFiles%\EPoX\Magic BIOS\WINFLASH.SYS ->  [Ver =  | Size = 3548 bytes | Modified Date = 9/17/2002 00:55:06 | Attr =	]
(zebrceb) Sony Ericsson Cable Emulation Bus (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\zebrceb.sys -> MCCI [Ver = V4.38 | Size = 53408 bytes | Modified Date = 7/25/2006 18:36:00 | Attr = R  ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
amd_dc_opt -> %ProgramFiles%\AMD\amd_dc_opt\amd_dc_opt.exe ["C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"] ->  [Ver = 1, 0, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2006 15:42:52 | Attr =	]
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 5, 0, 0 | Size = 1603152 bytes | Modified Date = 4/3/2007 21:50:00 | Attr =	]
CanonSolutionMenu -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.EXE [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> CANON INC. [Ver = 1, 0, 1, 0 | Size = 644696 bytes | Modified Date = 5/14/2007 21:01:00 | Attr =	]
EPoXUSDM -> %ProgramFiles%\EPoX\USDM\USDM.EXE ["C:\Program Files\EPoX\USDM\USDM.EXE" "5000"] -> EPoX COMPUTER CO.,LTD. [Ver = 3.0.11.28 | Size = 1297408 bytes | Modified Date = 6/17/2005 10:54:52 | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 17:22:02 | Attr =	]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.7813 | Size = 13574144 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.7813 | Size = 86016 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
NVMixerTray -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"] -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 17:12:36 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1657376 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe [C:\Program Files\Softex\OmniPass\scureapp.exe] ->  [Ver = 1, 0, 0, 1 | Size = 1744896 bytes | Modified Date = 2/2/2004 16:25:56 | Attr =	]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpWareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"] -> Nuance Communications, Inc. [Ver = 15.2.6606.1 | Size = 79400 bytes | Modified Date = 2/4/2007 12:02:14 | Attr =	]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 20:50:00 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr =	]
UserFaultCheck ->  [%systemroot%\system32\dumprep 0 -u] -> File not found
WinFast Schedule -> %ProgramFiles%\WinFast\WFDTV\WFWIZ.exe [C:\Program Files\WinFast\WFDTV\WFWIZ.exe] -> Leadtek Research Inc. [Ver = 5.13.01.2007-0727 | Size = 409600 bytes | Modified Date = 7/27/2007 18:09:02 | Attr =	]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe [C:\Program Files\Logitech\iTouch\iTouch.exe] -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 09:33:26 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe ["C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear] -> File not found
StrokeIt -> %ProgramFiles%\Strokeit\strokeit.exe [C:\Program Files\Strokeit\strokeit.exe] ->  [Ver = .9.5 | Size = 21504 bytes | Modified Date = 2/17/2005 15:13:10 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Mohit Kapur Startup Folder > -> C:\Documents and Settings\Mohit Kapur\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
iiipki.dll ->  -> File not found
*MultiFile Done* -> -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 20:12:19 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 20:12:38 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 20:12:24 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 20:12:05 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 20:12:41 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
OPXPGina -> %ProgramFiles%\Softex\OmniPass\OPXPGina.dll ->  [Ver =  | Size = 40960 bytes | Modified Date = 2/2/2004 13:19:30 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 227 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 14:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/24/2005 11:49:29 | Attr =	]
autorun [] -> %SystemRoot%\system32\autorun.exe [ CDFS ] ->  [Ver = 2.3.0.3 | Size = 778752 bytes | Modified Date = 1/18/2005 06:45:54 | Attr =	]
Autorun.inf [[autorun] | open=AutoRunCD.exe | icon=AutoRunCD.exe, 0 |  |  | ] -> M:\Autorun.inf [ CDFS ] ->  [Ver =  | Size = 58 bytes | Modified Date = 7/19/2007 10:53:44 | Attr = R  ]
AutoRunCD.exe [MZ | ] -> M:\AutoRunCD.exe [ CDFS ] -> Crytek [Ver = 1.0.1.2 | Size = 4318432 bytes | Modified Date = 10/24/2007 18:11:40 | Attr = R  ]
< HOSTS File > (264779 bytes and 9224 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4838 domain(s) found. -> 
46 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4839 domain(s) found. -> 
ithaca.ecn_purdue.edu [https] -> Trusted sites -> 
gatech-csm_symplicity.com [https] -> Trusted sites -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{465E08E7-F005-4389-980F-1D8764B3486C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 4/13/2008 12:26:52 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{6576EBAA-B570-4345-98E4-96153C77CF24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Grab and Drag] -> IE7Pro.com [Ver = 2, 4, 0, 3 | Size = 756840 bytes | Modified Date = 9/24/2008 02:11:26 | Attr =	]
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 4, 0, 3 | Size = 756840 bytes | Modified Date = 9/24/2008 02:11:26 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.1.3036 | Size = 61440 bytes | Modified Date = 11/13/2002 19:50:20 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.1.3036 | Size = 61440 bytes | Modified Date = 11/13/2002 19:50:20 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{04D026A4-FF8E-4414-8B68-905635F18AD1} ->	() -> 
{0B46BDA2-FE43-44D4-BD60-787033F74722} ->	(Windows Mobile-based Device) -> 
{15E68139-574D-4C42-8DFD-F5970E823DE7} ->	() -> 
{32DCB736-D70A-49AF-A449-ABF6F7FA2718} ->	(NVIDIA nForce Networking Controller) -> 
{4F086FB8-5308-40F8-86F2-1149B80EB11F} ->	() -> 
{7E3AB7EB-14C8-4E0C-8F3B-4B800DB64BA1} ->	(Windows Mobile-based Internet Sharing Device) -> 
{BE7E07B4-4199-4499-9506-735FDB160575} ->	(Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter) -> 
{F1768ADB-53CE-4F86-9AFE-748372C0A4ED} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{106E49CF-797A-11D2-81A2-00E02C015623}[HKEY_LOCAL_MACHINE] -> http://www.alternatiff.com/install/00/alttiff.cab[AlternaTIFF ActiveX] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{1E54D648-B804-468d-BC78-4AFFED8E262E}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab[System Requirements Lab Class] -> 
{1ED48504-8834-11D5-AC75-0008C73FD642}[HKEY_LOCAL_MACHINE] -> file://C:\Program Files\proeWildfire 2.0\i486_nt\obj\pvx_install.exe[Reg Error: Key does not exist or could not be opened.] -> 
{27527D31-447B-11D5-A46E-0001023B4289}[HKEY_LOCAL_MACHINE] -> http://gamingzone.ubisoft.com/dev/packages/GSManager.cab[CoGSManager Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab[Malicious Software Removal Tool] -> 
{54EABC7D-40DC-4667-8517-F42D00540342}[HKEY_LOCAL_MACHINE] -> http://www.dlpe-tegrity2.gatech.edu/tegrity/_Player/1.0/Code/DRMActiveX.CAB[DRMActiveXControl Class] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 
{5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD}[HKEY_LOCAL_MACHINE] -> http://usfulfillment.puretracks.com/onager.cab[OnagerCtrl Class] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222703195546[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187551437451[MUWebControl Class] -> 
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab[NVIDIA Smart Scan] -> 
{86A88967-7A20-11D2-8EDA-00600818EDB1}[HKEY_LOCAL_MACHINE] -> http://www.parallelgraphics.com/l2/bin/cortvrml.cab[ParallelGraphics Cortona Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://civl3104acam1.ecn.purdue.edu/activex/AxisCamControl.cab[CamImage Class] -> 
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://www.merasnap.com/activex/ImageUploader3.cab[Aurigma Image Uploader 3.5 Control] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc37.cab[Measurement Services Client v.3.7] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}[HKEY_LOCAL_MACHINE] -> http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[IWinAmpActiveX Class] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\.Owner -> {106E49CF-797A-11D2-81A2-00E02C015623} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\{106E49CF-797A-11D2-81A2-00E02C015623} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\\.Owner -> {54EABC7D-40DC-4667-8517-F42D00540342} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\\{54EABC7D-40DC-4667-8517-F42D00540342} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\\.Owner -> {27527D31-447B-11D5-A46E-0001023B4289} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\\{27527D31-447B-11D5-A46E-0001023B4289} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\.Owner -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\.Owner -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\\.Owner -> {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\\{74DBCB52-F298-4110-951D-AD2FF67BC8AB} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\\.Owner -> {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\\{5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\\.Owner -> {1E54D648-B804-468d-BC78-4AFFED8E262E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\\{1E54D648-B804-468d-BC78-4AFFED8E262E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\\.Owner -> {4B48D5DF-9021-45F7-A240-60304302A215} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\\{4B48D5DF-9021-45F7-A240-60304302A215} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 20:12:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 20:11:56 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 20:12:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 20:12:05 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 20:12:08 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 888 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 20:12:05 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 20:12:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 7D 55 89 26 F6 9D 3E 75 F4 1B A6 1E 58 41 AF B5 61 64 31 32 63 35 64 31 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 4D FE 54 71  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> D5 C9 41 22 75 B1 FF 42 4E  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> BB E3 A7 09 F5 0F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 08:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> F5 A8 82 51 B2 51 BD 52 44 FF FA 7C 16 1C 13 74  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B8 5F 43 BF E1 24 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 20:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11541 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 20:11:55 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 20:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe -> %ProgramFiles%\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe -> %ProgramFiles%\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe [C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe -> %ProgramFiles%\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe [C:\Program Files\ANSYS Inc\v100\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> %ProgramFiles%\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 14:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 11/13/2006 13:39:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 11/13/2006 13:39:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 11/13/2006 13:39:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\mW[־`=v%S8>grl>\=۱ ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\Steam.exe -> F:\Steam\Steam.exe [F:\Steam\Steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 12/13/2007 16:22:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\superman27884@yahoo.com\counter-strike\hl.exe -> F:\Steam\SteamApps\superman27884@yahoo.com\counter-strike\hl.exe [F:\Steam\SteamApps\superman27884@yahoo.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 1/24/2008 22:55:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\superman27884@yahoo.com\day of defeat\hl.exe -> F:\Steam\SteamApps\superman27884@yahoo.com\day of defeat\hl.exe [F:\Steam\SteamApps\superman27884@yahoo.com\day of defeat\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 1/24/2008 22:38:19 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpnsvr.exe -> %SystemRoot%\system32\dpnsvr.exe [C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 17920 bytes | Modified Date = 4/13/2008 20:12:17 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitLord\BitLord.exe -> %ProgramFiles%\BitLord\BitLord.exe [C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord] -> www.BitLord.com [Ver = 1.1. | Size = 2224128 bytes | Modified Date = 5/6/2005 20:47:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> %ProgramFiles%\AIM95\aim.exe [C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.1.3036 | Size = 61440 bytes | Modified Date = 11/13/2002 19:50:20 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] ->  [Ver =  | Size = 3096576 bytes | Modified Date = 12/8/2005 14:55:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 0 | Size = 53248 bytes | Modified Date = 12/8/2005 14:55:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Red Storm Entertainment\RavenShield\system\UCC.exe -> F:\Red Storm Entertainment\RavenShield\system\UCC.exe [F:\Red Storm Entertainment\RavenShield\system\UCC.exe:*:Enabled:UCC] ->  [Ver =  | Size = 69632 bytes | Modified Date = 10/7/2004 14:17:28 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VideoLAN\VLC\vlc.exe -> %ProgramFiles%\VideoLAN\VLC\vlc.exe [C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player] ->  [Ver =  | Size = 93184 bytes | Modified Date = 5/6/2006 12:42:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\Search and Recover\SearchandRecover.exe -> %ProgramFiles%\System Mechanic 5 Professional\Search and Recover\SearchandRecover.exe [C:\Program Files\System Mechanic 5 Professional\Search and Recover\SearchandRecover.exe:*:Disabled:Search and Recover 2] -> iolo technologies, LLC [Ver = 2.0.0.0 | Size = 1946112 bytes | Modified Date = 7/19/2004 11:53:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\System Shield\SystemShield.exe -> %ProgramFiles%\System Mechanic 5 Professional\System Shield\SystemShield.exe [C:\Program Files\System Mechanic 5 Professional\System Shield\SystemShield.exe:*:Disabled:Start System Shield] -> iolo technologies, LLC [Ver = 2.1.2.0 | Size = 505344 bytes | Modified Date = 9/1/2004 19:46:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\SysMech5.exe -> %ProgramFiles%\System Mechanic 5 Professional\SysMech5.exe [C:\Program Files\System Mechanic 5 Professional\SysMech5.exe:LocalSubNet:Disabled:Start System Mechanic 5 Professional] ->  [Ver =  | Size = 2859008 bytes | Modified Date = 9/20/2004 16:42:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\SMUtilityBar.exe -> %ProgramFiles%\System Mechanic 5 Professional\SMUtilityBar.exe [C:\Program Files\System Mechanic 5 Professional\SMUtilityBar.exe:LocalSubNet:Disabled:System Mechanic 5 Utility Bar] -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 734720 bytes | Modified Date = 2/17/2005 10:35:44 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\StartupGuard.exe -> %ProgramFiles%\System Mechanic 5 Professional\StartupGuard.exe [C:\Program Files\System Mechanic 5 Professional\StartupGuard.exe:*:Disabled:System Mechanic 5 Startup Guard] -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 761344 bytes | Modified Date = 2/17/2005 10:35:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe -> %ProgramFiles%\iolo\Common\Task Agent\Task_Agent.exe [C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe:*:Disabled:Task_Agent.exe] -> iolo technologies, LLC [Ver = 3.6.0.0 | Size = 41984 bytes | Modified Date = 10/25/2001 15:20:22 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\System Mechanic 5 Professional\Search and Recover\DiskImageService.exe -> %ProgramFiles%\System Mechanic 5 Professional\Search and Recover\DiskImageService.exe [C:\Program Files\System Mechanic 5 Professional\Search and Recover\DiskImageService.exe:*:Disabled:DiskImageService.exe] -> iolo technologies, LLC [Ver = 2.0.0.0 | Size = 258048 bytes | Modified Date = 7/7/2004 11:04:20 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 16:31:58 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 83456 bytes | Modified Date = 4/13/2008 20:12:18 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 20:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE -> %ProgramFiles%\Microsoft Office\OFFICE11\WINWORD.EXE [C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word] -> Microsoft Corporation [Ver = 11.0.8227 | Size = 12313096 bytes | Modified Date = 7/3/2008 18:36:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe -> %ProgramFiles%\Adobe\Adobe Photoshop CS2\Photoshop.exe [C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe:LocalSubNet:Disabled:Adobe Photoshop CS2] -> Adobe Systems, Incorporated [Ver = 9.0 (9.0x196) | Size = 19533824 bytes | Modified Date = 3/22/2005 05:29:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Call of Duty 2\cod2mp_s.exe -> F:\Call of Duty 2\CoD2MP_s.exe [F:\Call of Duty 2\cod2mp_s.exe:*:Disabled:Call of Duty(R) 2 Multiplayer] ->  [Ver =  | Size = 1974272 bytes | Modified Date = 5/1/2006 17:09:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Call of Duty 2\cod2sp_s.exe -> F:\Call of Duty 2\CoD2SP_s.exe [F:\Call of Duty 2\cod2sp_s.exe:*:Disabled:Call of Duty(R) 2 Single Player] ->  [Ver =  | Size = 1761280 bytes | Modified Date = 6/9/2006 14:37:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe:LocalSubNet:Disabled:Acrobat.exe] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 69632 bytes | Modified Date = 12/14/2004 04:44:40 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Adobe Bridge\Bridge.exe -> %ProgramFiles%\Adobe\Adobe Bridge\Bridge.exe [C:\Program Files\Adobe\Adobe Bridge\Bridge.exe:LocalSubNet:Disabled:Adobe Bridge] -> Adobe Systems, Inc. [Ver = 1.0 | Size = 8339456 bytes | Modified Date = 3/24/2005 16:39:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Adobe Help Center\ahc.exe -> %ProgramFiles%\Adobe\Adobe Help Center\ahc.exe [C:\Program Files\Adobe\Adobe Help Center\ahc.exe:LocalSubNet:Disabled:Adobe Help Center] -> Adobe Systems Incorporated [Ver = 1.0.0.793 | Size = 4460544 bytes | Modified Date = 3/15/2005 21:46:48 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe:LocalSubNet:Disabled:AdobeUpdateManager.exe] -> Adobe Systems Incorporated [Ver = 3.0.0.40 | Size = 307200 bytes | Modified Date = 11/22/2004 08:18:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\superman27884@yahoo.com\team fortress classic\hl.exe -> F:\Steam\SteamApps\superman27884@yahoo.com\team fortress classic\hl.exe [F:\Steam\SteamApps\superman27884@yahoo.com\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 11/19/2007 23:10:21 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\NFSU2\SPEED2.EXE -> F:\NFSU2\SPEED2.EXE [F:\NFSU2\SPEED2.EXE:*:Disabled:Need for Speed Underground 2] ->  [Ver =  | Size = 4788224 bytes | Modified Date = 11/10/2004 08:37:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> Mozilla Corporation [Ver = 1.9.0.3 | Size = 307712 bytes | Modified Date = 9/25/2008 09:51:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\superman27884@yahoo.com\deathmatch classic\hl.exe -> F:\Steam\SteamApps\superman27884@yahoo.com\deathmatch classic\hl.exe [F:\Steam\SteamApps\superman27884@yahoo.com\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 10/23/2006 18:21:12 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Red Storm Entertainment\RavenShield\system\RavenShield.exe -> F:\Red Storm Entertainment\RavenShield\system\ravenshield.exe [F:\Red Storm Entertainment\RavenShield\system\RavenShield.exe:*:Enabled:RavenShield] ->  [Ver =  | Size = 135168 bytes | Modified Date = 11/7/2004 16:13:22 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 14:53:32 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\quest_counter\condition zero\hl.exe -> F:\Steam\SteamApps\quest_counter\condition zero\hl.exe [F:\Steam\SteamApps\quest_counter\condition zero\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 12/12/2006 00:25:31 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\quest_counter\counter-strike\hl.exe -> F:\Steam\SteamApps\quest_counter\counter-strike\hl.exe [F:\Steam\SteamApps\quest_counter\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 12/12/2006 01:33:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Steam\SteamApps\superman27884@yahoo.com\half-life\hl.exe -> F:\Steam\SteamApps\superman27884@yahoo.com\half-life\hl.exe [F:\Steam\SteamApps\superman27884@yahoo.com\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 1/26/2007 18:32:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> IVT Corporation [Ver = 1, 6, 1, 4 | Size = 1183744 bytes | Modified Date = 6/6/2005 13:23:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe -> %ProgramFiles%\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe [C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module] -> Intuwave Ltd. [Ver = 3, 1, 0, 28 | Size = 634947 bytes | Modified Date = 3/2/2006 11:55:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe -> %ProgramFiles%\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe [C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\DXP SyncML.exe:*:Enabled:DXP SyncML Module] -> Popwire AB [Ver = 1, 0, 0, 162 | Size = 933888 bytes | Modified Date = 7/25/2006 15:44:42 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 17:22:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 11/13/2006 13:39:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 11/13/2006 13:39:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 11/13/2006 13:39:54 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe -> %SystemRoot%\PCHEALTH\HELPCTR\Binaries\helpctr.exe [C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 769024 bytes | Modified Date = 4/13/2008 20:12:21 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe -> %ProgramFiles%\Phoenix Integration\Analysis Server 5.1\aserver.exe [C:\Program Files\Phoenix Integration\Analysis Server 5.1\aserver.exe:*:Enabled:aserver] ->  [Ver =  | Size = 73728 bytes | Modified Date = 6/15/2006 10:42:52 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 16:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Crysis\Bin32\Crysis.exe -> F:\Crysis\Bin32\Crysis.exe [F:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32] -> Crytek GmbH [Ver = 1, 1, 1, 6156 | Size = 5022944 bytes | Modified Date = 3/13/2008 12:23:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Crysis\Bin32\CrysisDedicatedServer.exe -> F:\Crysis\Bin32\CrysisDedicatedServer.exe [F:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32] -> Crytek GmbH [Ver = 1, 1, 1, 6156 | Size = 17120 bytes | Modified Date = 3/13/2008 12:23:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe -> %SystemRoot%\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] ->  [Ver =  | Size = 66872 bytes | Modified Date = 7/28/2008 00:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe -> %SystemRoot%\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] ->  [Ver =  | Size = 107832 bytes | Modified Date = 8/19/2008 19:35:39 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IEPro\MiniDM.exe -> %ProgramFiles%\IEPro\MiniDM.exe [C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM] -> IE7Pro.com [Ver = 1, 3, 0, 2 | Size = 715912 bytes | Modified Date = 9/24/2008 02:11:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 20:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1723:TCP -> 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1701:UDP -> 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\500:UDP -> 500:UDP:*:Enabled:@xpsp2res.dll,-22017 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E23B8360-9348-4185-806D-D6160BF66E6C} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4F086FB8-5308-40F8-86F2-1149B80EB11F} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{74B3102C-1BEE-43D2-A019-0CFCA7065085} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 20:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 20:12:11 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 20:12:04 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 20:12:36 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 20:12:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 20:12:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 20:12:04 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 223 bytes | Created Date = 9/28/2008 01:52:06 | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 9/28/2008 01:51:52 | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 9/28/2008 01:52:02 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 10/3/2008 18:19:40 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2147012608 bytes | Created Date = 9/28/2008 13:47:45 | Attr =  HS]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 9/28/2008 03:27:48 | Attr =  HS]
rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 10/3/2008 13:58:38 | Attr =	]
bpsijqpe.ini -> %SystemRoot%\System32\bpsijqpe.ini ->  [Ver =  | Size = 986892 bytes | Created Date = 9/28/2008 02:19:17 | Attr =  HS]
Dvbpws.dll -> %SystemRoot%\System32\Dvbpws.dll ->  [Ver =  | Size = 2 bytes | Created Date = 9/29/2008 18:23:33 | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 10/2/2008 18:43:50 | Attr =	]
10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
gibwfdcy.ini -> %SystemRoot%\System32\gibwfdcy.ini ->  [Ver =  | Size = 986883 bytes | Created Date = 9/27/2008 14:33:50 | Attr =  HS]
keystone.exe -> %SystemRoot%\System32\keystone.exe ->  [Ver =  | Size = 436768 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
lvdheasp.ini -> %SystemRoot%\System32\lvdheasp.ini ->  [Ver =  | Size = 986892 bytes | Created Date = 9/28/2008 02:35:35 | Attr =  HS]
nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe ->  [Ver =  | Size = 449056 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 200712 bytes | Created Date = 9/28/2008 13:45:43 | Attr =	]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 18394 bytes | Created Date = 9/28/2008 13:45:42 | Attr =	]
nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe ->  [Ver =  | Size = 1346080 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nview.dll -> %SystemRoot%\System32\nview.dll ->  [Ver =  | Size = 1503232 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll ->  [Ver =  | Size = 286720 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvshell.dll -> %SystemRoot%\System32\nvshell.dll ->  [Ver =  | Size = 466944 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl ->  [Ver =  | Size = 73728 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll ->  [Ver =  | Size = 1724416 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll ->  [Ver =  | Size = 1101824 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe ->  [Ver =  | Size = 1657376 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 974 bytes | Created Date = 9/29/2008 14:31:55 | Attr =	]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 10/2/2008 18:43:51 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 9/17/2008 13:01:42 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 10/2/2008 18:43:51 | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 10/3/2008 13:28:54 | Attr =	]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 10/2/2008 18:48:13 | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Created Date = 9/28/2008 13:45:42 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 10/2/2008 18:54:13 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 9/8/2008 21:23:07 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 9/8/2008 21:23:07 | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
American Express Online Assistant -> %AllUsersProfile%\Application Data\American Express Online Assistant ->  [Folder | Created Date = 9/10/2008 12:22:12 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/29/2008 13:52:19 | Attr =	]
nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Created Date = 9/28/2008 13:49:49 | Attr =	]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Created Date = 9/28/2008 15:26:28 | Attr =	]
tslifejc -> %AllUsersProfile%\Application Data\tslifejc ->  [Folder | Created Date = 9/9/2008 19:15:17 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/29/2008 13:52:22 | Attr =	]
SystemRequirementsLab -> %AppData%\SystemRequirementsLab ->  [Folder | Created Date = 9/28/2008 13:33:05 | Attr =	]
TmpRecentIcons -> %AppData%\TmpRecentIcons ->  [Folder | Created Date = 9/16/2008 23:44:39 | Attr =	]
Information Session Start Date.doc -> G:\My Documents\Information Session Start Date.doc ->  [Ver =  | Size = 98816 bytes | Created Date = 9/16/2008 23:45:14 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Created Date = 9/29/2008 13:52:20 | Attr =	]
2008_09_25 -> %UserProfile%\Desktop\2008_09_25 ->  [Folder | Created Date = 9/25/2008 10:05:59 | Attr =	]
ALAVs_Proposal.pdf -> %UserProfile%\Desktop\ALAVs_Proposal.pdf ->  [Ver =  | Size = 5277295 bytes | Created Date = 9/18/2008 16:09:29 | Attr =	]
antivir_workstation_winu_en_h.exe -> %UserProfile%\Desktop\antivir_workstation_winu_en_h.exe ->  [Ver =  | Size = 25085704 bytes | Created Date = 10/3/2008 15:05:06 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 9/28/2008 14:50:12 | Attr =	]
katiegray -> %UserProfile%\Desktop\katiegray ->  [Folder | Created Date = 9/26/2008 00:16:59 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 10/4/2008 14:05:18 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 10/4/2008 14:03:46 | Attr =	]
Resume_Mohit_Kapur.pdf -> %UserProfile%\Desktop\Resume_Mohit_Kapur.pdf ->  [Ver =  | Size = 25814 bytes | Created Date = 9/10/2008 17:16:50 | Attr =	]
Resume_Mohit_Kapur_in.doc -> %UserProfile%\Desktop\Resume_Mohit_Kapur_in.doc ->  [Ver =  | Size = 51712 bytes | Created Date = 9/22/2008 21:55:05 | Attr =	]
Robot in action - arm view.wmv -> %UserProfile%\Desktop\Robot in action - arm view.wmv ->  [Ver =  | Size = 2014497 bytes | Created Date = 9/29/2008 23:45:07 | Attr =	]
Robot in action - gripper view.wmv -> %UserProfile%\Desktop\Robot in action - gripper view.wmv ->  [Ver =  | Size = 2119909 bytes | Created Date = 9/29/2008 23:50:41 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Created Date = 10/3/2008 13:57:31 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Created Date = 10/3/2008 15:19:09 | Attr =	]
Statement_Aug_2008.pdf -> %UserProfile%\Desktop\Statement_Aug_2008.pdf ->  [Ver =  | Size = 173844 bytes | Created Date = 9/5/2008 23:30:46 | Attr =	]
Statement_Sep 2008.pdf -> %UserProfile%\Desktop\Statement_Sep 2008.pdf ->  [Ver =  | Size = 235104 bytes | Created Date = 10/3/2008 14:48:48 | Attr =	]
stmt_2008-07-31.pdf -> %UserProfile%\Desktop\stmt_2008-07-31.pdf ->  [Ver =  | Size = 42735 bytes | Created Date = 9/5/2008 23:02:16 | Attr =	]
stmt_2008-08-31(2).pdf -> %UserProfile%\Desktop\stmt_2008-08-31(2).pdf ->  [Ver =  | Size = 42546 bytes | Created Date = 10/3/2008 14:41:17 | Attr =	]
stmt_2008-08-31.pdf -> %UserProfile%\Desktop\stmt_2008-08-31.pdf ->  [Ver =  | Size = 42546 bytes | Created Date = 9/5/2008 22:40:46 | Attr =	]
Toot-tone2.wmv -> %UserProfile%\Desktop\Toot-tone2.wmv ->  [Ver =  | Size = 3968610 bytes | Created Date = 10/3/2008 16:28:54 | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 9/29/2008 13:32:48 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/29/2008 13:52:18 | Attr =	]
NVIDIA nTune Performance Application -> %ProgramFiles%\NVIDIA nTune Performance Application ->  [Folder | Created Date = 9/5/2008 21:02:02 | Attr =	]
SystemRequirementsLab -> %ProgramFiles%\SystemRequirementsLab ->  [Folder | Created Date = 9/5/2008 21:04:14 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/28/2008 14:50:11 | Attr =	]

[Files/Folders - Modified Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 223 bytes | Modified Date = 9/27/2008 18:02:20 | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 293 bytes | Modified Date = 9/28/2008 13:19:11 | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2147012608 bytes | Modified Date = 10/2/2008 18:53:11 | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 10/2/2008 18:39:35 | Attr = RHS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 264779 bytes | Modified Date = 9/28/2008 02:46:59 | Attr = R  ]
hosts.20080924-191548.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080924-191548.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 9/17/2008 13:11:38 | Attr =	]
hosts.20080928-024659.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080928-024659.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 9/28/2008 02:00:16 | Attr =	]
hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn ->  [Ver =  | Size = 736 bytes | Modified Date = 9/10/2008 11:38:52 | Attr =	]
10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
bpsijqpe.ini -> %SystemRoot%\System32\bpsijqpe.ini ->  [Ver =  | Size = 986892 bytes | Modified Date = 9/28/2008 02:35:17 | Attr =  HS]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 9/28/2008 13:24:29 | Attr =	]
Dvbpws.dll -> %SystemRoot%\System32\Dvbpws.dll ->  [Ver =  | Size = 2 bytes | Modified Date = 10/4/2008 01:56:23 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 3535296 bytes | Modified Date = 10/2/2008 18:53:11 | Attr =	]
gibwfdcy.ini -> %SystemRoot%\System32\gibwfdcy.ini ->  [Ver =  | Size = 986883 bytes | Modified Date = 9/27/2008 14:33:57 | Attr =  HS]
keystone.exe -> %SystemRoot%\System32\keystone.exe ->  [Ver =  | Size = 436768 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
lvdheasp.ini -> %SystemRoot%\System32\lvdheasp.ini ->  [Ver =  | Size = 986892 bytes | Modified Date = 9/28/2008 02:42:28 | Attr =  HS]
nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe ->  [Ver =  | Size = 449056 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 200712 bytes | Modified Date = 10/2/2008 18:57:07 | Attr =	]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 18394 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe ->  [Ver =  | Size = 1346080 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nview.dll -> %SystemRoot%\System32\nview.dll ->  [Ver =  | Size = 1503232 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 9/28/2008 13:50:52 | Attr =	]
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll ->  [Ver =  | Size = 286720 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvshell.dll -> %SystemRoot%\System32\nvshell.dll ->  [Ver =  | Size = 466944 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl ->  [Ver =  | Size = 73728 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll ->  [Ver =  | Size = 1724416 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll ->  [Ver =  | Size = 1101824 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe ->  [Ver =  | Size = 1657376 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 83260 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 452264 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 544768 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 12598 bytes | Modified Date = 10/2/2008 18:56:33 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/2/2008 18:53:55 | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 2675 bytes | Modified Date = 10/2/2008 18:51:48 | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 10/2/2008 18:56:53 | Attr =	]
ModelCenter.INI -> %SystemRoot%\ModelCenter.INI ->  [Ver =  | Size = 363 bytes | Modified Date = 9/6/2008 17:56:19 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 10/4/2008 01:56:04 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 9/8/2008 21:23:07 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 9/27/2008 14:27:16 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 9/28/2008 13:19:11 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 775 bytes | Modified Date = 9/28/2008 13:19:11 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 918 bytes | Modified Date = 9/28/2008 03:03:28 | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 10/4/2008 05:00:08 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/2/2008 18:54:13 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 6/28/2005 01:31:42 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 10/3/2008 13:29:02 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 10/3/2008 13:29:02 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/26/2005 23:57:07 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11122 bytes | Modified Date = 8/27/2005 00:05:11 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing ->  [Folder | Modified Date = 6/18/2008 21:34:11 | Attr =	]
06ecd811-a014-c159-64de-7732c08685f3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\06ecd811-a014-c159-64de-7732c08685f3.dat ->  [Ver =  | Size = 16694 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
0dbd8e2f-1a45-e757-4201-7d4d4ad4fab2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\0dbd8e2f-1a45-e757-4201-7d4d4ad4fab2.dat ->  [Ver =  | Size = 11528 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
221f3969-cf04-1758-6184-2aee1370572a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\221f3969-cf04-1758-6184-2aee1370572a.dat ->  [Ver =  | Size = 3088 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
2313c645-a922-ea30-d1a1-80ed54083f1e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\2313c645-a922-ea30-d1a1-80ed54083f1e.dat ->  [Ver =  | Size = 5105 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
26131447-e7fc-a812-c64b-0b9b98a773cc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\26131447-e7fc-a812-c64b-0b9b98a773cc.dat ->  [Ver =  | Size = 3060 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
27f153ed-9aae-3dbc-a796-876c7ab9f7e0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\27f153ed-9aae-3dbc-a796-876c7ab9f7e0.dat ->  [Ver =  | Size = 3050 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
45455ee2-8204-b66b-dee3-fca32f117708.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\45455ee2-8204-b66b-dee3-fca32f117708.dat ->  [Ver =  | Size = 11468 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
52095443-dd1e-03eb-c554-ff744aaa0f76.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\52095443-dd1e-03eb-c554-ff744aaa0f76.dat ->  [Ver =  | Size = 6043 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
587ef5b5-61c8-3b70-4548-3c041575defe.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\587ef5b5-61c8-3b70-4548-3c041575defe.dat ->  [Ver =  | Size = 11466 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
5ec4651e-9b6d-c320-9d64-4b91513f2389.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5ec4651e-9b6d-c320-9d64-4b91513f2389.dat ->  [Ver =  | Size = 13366 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
60034caa-95a1-d172-fb2e-0aca5701bda4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\60034caa-95a1-d172-fb2e-0aca5701bda4.dat ->  [Ver =  | Size = 13362 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
675e4531-3bbc-212f-bc58-698595a74b47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\675e4531-3bbc-212f-bc58-698595a74b47.dat ->  [Ver =  | Size = 4190 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
752039a7-5da9-3cdf-763c-2528ebe202ce.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\752039a7-5da9-3cdf-763c-2528ebe202ce.dat ->  [Ver =  | Size = 4324 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
78f5e5ce-6a98-abc1-c451-8b5b8a07b333.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\78f5e5ce-6a98-abc1-c451-8b5b8a07b333.dat ->  [Ver =  | Size = 3033 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
79f5fead-ed9e-56da-65c1-aeb96fdbfe1e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\79f5fead-ed9e-56da-65c1-aeb96fdbfe1e.dat ->  [Ver =  | Size = 16750 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
81af57ac-992a-9f91-66fa-71f8c05d9c8d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\81af57ac-992a-9f91-66fa-71f8c05d9c8d.dat ->  [Ver =  | Size = 3338 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
8364fb4c-154f-9cef-21f9-1b05b9758773.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8364fb4c-154f-9cef-21f9-1b05b9758773.dat ->  [Ver =  | Size = 3978 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
881e8eca-9d9e-a827-a5f6-737ceef8c581.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\881e8eca-9d9e-a827-a5f6-737ceef8c581.dat ->  [Ver =  | Size = 9218 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
88bc02c8-4c9e-6d02-2726-3ab1fb1ff157.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\88bc02c8-4c9e-6d02-2726-3ab1fb1ff157.dat ->  [Ver =  | Size = 3054 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
8941c683-bfbf-0630-cd49-b7cb3019116e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8941c683-bfbf-0630-cd49-b7cb3019116e.dat ->  [Ver =  | Size = 4339 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
caaf3582-6767-976a-ae05-9556dc5b90c2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\caaf3582-6767-976a-ae05-9556dc5b90c2.dat ->  [Ver =  | Size = 13390 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
d8eb67a3-06b6-27c5-d2d4-9837d679185d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\d8eb67a3-06b6-27c5-d2d4-9837d679185d.dat ->  [Ver =  | Size = 16687 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
ec2361be-a252-19dc-1162-29d73e8bbbfc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ec2361be-a252-19dc-1162-29d73e8bbbfc.dat ->  [Ver =  | Size = 7371 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
eebcbfc8-ab53-2dff-f399-86c959c8c9de.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\eebcbfc8-ab53-2dff-f399-86c959c8c9de.dat ->  [Ver =  | Size = 16690 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
f2146290-bcf1-6bb0-3b18-6836e46ddabc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\f2146290-bcf1-6bb0-3b18-6836e46ddabc.dat ->  [Ver =  | Size = 13348 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
fad295ff-fa37-22dd-cf2a-8907e395fae5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\fad295ff-fa37-22dd-cf2a-8907e395fae5.dat ->  [Ver =  | Size = 5259 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
fc103390-b680-9269-081c-6fff1a49adf5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\fc103390-b680-9269-081c-6fff1a49adf5.dat ->  [Ver =  | Size = 11472 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting ->  [Folder | Modified Date = 9/16/2006 12:42:56 | Attr =	]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat ->  [Ver =  | Size = 101841 bytes | Modified Date = 4/5/2005 15:39:08 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp ->  [Folder | Modified Date = 10/4/2008 14:13:02 | Attr =	]
Perflib_Perfdata_fcc.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\Perflib_Perfdata_fcc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/2/2008 21:19:41 | Attr =	]
8 C:\Documents and Settings\Mohit Kapur\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 10/4/2008 14:14:45 | Attr =	]
Perflib_Perfdata_1fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/2/2008 18:54:29 | Attr =	]
Perflib_Perfdata_600.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_600.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/2/2008 19:06:50 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 49152 bytes | Modified Date = 10/4/2008 01:55:59 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2624656 bytes | Modified Date = 9/27/2008 17:37:08 | Attr =  H ]
Information Session Start Date.doc -> G:\My Documents\Information Session Start Date.doc ->  [Ver =  | Size = 98816 bytes | Modified Date = 9/16/2008 23:45:15 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Modified Date = 9/29/2008 13:52:20 | Attr =	]
ALAVs_Proposal.pdf -> %UserProfile%\Desktop\ALAVs_Proposal.pdf ->  [Ver =  | Size = 5277295 bytes | Modified Date = 9/18/2008 16:09:34 | Attr =	]
antivir_workstation_winu_en_h.exe -> %UserProfile%\Desktop\antivir_workstation_winu_en_h.exe ->  [Ver =  | Size = 25085704 bytes | Modified Date = 10/3/2008 15:05:36 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 9/28/2008 14:50:13 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 10/4/2008 14:03:46 | Attr =	]
Resume_Mohit_Kapur.pdf -> %UserProfile%\Desktop\Resume_Mohit_Kapur.pdf ->  [Ver =  | Size = 25814 bytes | Modified Date = 9/10/2008 17:16:50 | Attr =	]
Resume_Mohit_Kapur_in.doc -> %UserProfile%\Desktop\Resume_Mohit_Kapur_in.doc ->  [Ver =  | Size = 51712 bytes | Modified Date = 9/22/2008 21:57:58 | Attr =	]
Robot in action - arm view.wmv -> %UserProfile%\Desktop\Robot in action - arm view.wmv ->  [Ver =  | Size = 2014497 bytes | Modified Date = 9/30/2008 00:00:42 | Attr =	]
Robot in action - gripper view.wmv -> %UserProfile%\Desktop\Robot in action - gripper view.wmv ->  [Ver =  | Size = 2119909 bytes | Modified Date = 9/29/2008 23:51:51 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Modified Date = 10/3/2008 13:57:32 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Modified Date = 10/3/2008 15:19:55 | Attr =	]
Statement_Aug_2008.pdf -> %UserProfile%\Desktop\Statement_Aug_2008.pdf ->  [Ver =  | Size = 173844 bytes | Modified Date = 9/5/2008 23:30:46 | Attr =	]
Statement_Sep 2008.pdf -> %UserProfile%\Desktop\Statement_Sep 2008.pdf ->  [Ver =  | Size = 235104 bytes | Modified Date = 10/3/2008 14:48:48 | Attr =	]
stmt_2008-07-31.pdf -> %UserProfile%\Desktop\stmt_2008-07-31.pdf ->  [Ver =  | Size = 42735 bytes | Modified Date = 9/5/2008 23:02:16 | Attr =	]
stmt_2008-08-31(2).pdf -> %UserProfile%\Desktop\stmt_2008-08-31(2).pdf ->  [Ver =  | Size = 42546 bytes | Modified Date = 10/3/2008 14:41:17 | Attr =	]
stmt_2008-08-31.pdf -> %UserProfile%\Desktop\stmt_2008-08-31.pdf ->  [Ver =  | Size = 42546 bytes | Modified Date = 9/5/2008 22:40:48 | Attr =	]
Toot-tone2.wmv -> %UserProfile%\Desktop\Toot-tone2.wmv ->  [Ver =  | Size = 3968610 bytes | Modified Date = 10/3/2008 16:28:57 | Attr =	]

< End of report >


#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:33 PM

Posted 04 October 2008 - 02:59 PM

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%systemroot%\system32\bpsijqpe.ini
%systemroot%\system32\gibwfdcy.ini
%systemroot%\system32\lvdheasp.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of The Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> iiipki.dll -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {6576EBAA-B570-4345-98E4-96153C77CF24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
[Files/Folders - Created Within 30 days]
NY -> bpsijqpe.ini -> %SystemRoot%\System32\bpsijqpe.ini
NY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> gibwfdcy.ini -> %SystemRoot%\System32\gibwfdcy.ini
NY -> lvdheasp.ini -> %SystemRoot%\System32\lvdheasp.ini
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> bpsijqpe.ini -> %SystemRoot%\System32\bpsijqpe.ini
NY -> gibwfdcy.ini -> %SystemRoot%\System32\gibwfdcy.ini
NY -> lvdheasp.ini -> %SystemRoot%\System32\lvdheasp.ini
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new OTScanIt scan with the following options

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
The Avenger report (c:\Avenger.txt). This will be a short report, so you will be able to post it.

The latest OTScanIt fix log (look in the OTScanIt folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.) This will be a short log, so you will be able to post it.

The new OTScanIt scan log. This should be a short log, so you should be able to post it. If the file is too big to post, then you can upload it to me here.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
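
The fix log requested in Step #2 can be triaged mechanically before it is read line by line. The sketch below is an added example, not part of the original post and not OTScanIt's own code: it assumes the line wordings seen in OTScanIt fix logs posted in this thread, the function names are hypothetical, and the sample log is constructed. It lists AppInit_DLLs values that were removed and flags files queued for deletion that were still not cleared after the reboot pass.

```python
import re

# Line shapes assumed from OTScanIt fix logs as posted in this thread.
PATTERNS = [
    ("pending", re.compile(
        r"^File (?:delete|move) failed\. (?P<item>.+?) "
        r"scheduled to be (?:deleted|moved) on reboot\.$")),
    ("deleted", re.compile(
        r"^Registry (?:value|key) (?P<item>.+?) deleted successfully\.$")),
    ("not_found", re.compile(
        r"^(?:Registry key|File) (?P<item>.+?) not found[.!]$")),
    ("moved", re.compile(r"^(?P<item>.+?) moved successfully\.$")),
]
REBOOT_HEADER = "Files moved on Reboot..."
APPINIT = re.compile(r"AppInit_DLLs:(?P<dll>\S+)$", re.IGNORECASE)


def triage_fix_log(text):
    """Split a fix log into pre-reboot outcomes and post-reboot outcomes."""
    result = {"deleted": [], "not_found": [], "pending": [], "after_reboot": {}}
    in_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(REBOOT_HEADER):
            in_reboot = True
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            item = m.group("item")
            if in_reboot:
                # Windows paths are case-insensitive, so key on a folded form.
                result["after_reboot"][item.casefold()] = kind
            elif kind != "moved":
                result[kind].append(item)
            break
    return result


def unresolved_after_reboot(result):
    """Queued files that the reboot pass neither moved nor found already gone."""
    out = []
    for path in result["pending"]:
        status = result["after_reboot"].get(path.casefold())
        if status not in ("moved", "not_found"):
            out.append((path, status or "no reboot entry"))
    return out


def removed_appinit_dlls(result):
    """DLL names whose AppInit_DLLs registry value was reported deleted."""
    hits = []
    for item in result["deleted"]:
        m = APPINIT.search(item)
        if m:
            hits.append(m.group("dll"))
    return hits


# Constructed sample log (not copied from any real machine).
SAMPLE_LOG = r"""
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:example.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\example1.ini not found!
[Empty Temp Folders]
File delete failed. C:\WINDOWS\temp\sample_a.dat scheduled to be deleted on reboot.
File delete failed. C:\Temp\sample_b.log scheduled to be deleted on reboot.
File delete failed. C:\Temp\index.dat scheduled to be deleted on reboot.
< End of fix log >

Files moved on Reboot...
File C:\WINDOWS\temp\sample_a.dat not found!
C:\Temp\sample_b.log moved successfully.
File move failed. C:\Temp\index.dat scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    parsed = triage_fix_log(SAMPLE_LOG)
    print("AppInit_DLLs entries removed:", removed_appinit_dlls(parsed))
    for path, status in unresolved_after_reboot(parsed):
        print("Still present after reboot:", path, "(" + status + ")")
```

A file that stays in the unresolved list across reboots is usually one held open by a running process and is worth a second look rather than an automatic alarm.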

#13 mcap

mcap
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:33 PM

Posted 04 October 2008 - 03:41 PM

While executing Avenger in step one, as soon as I clicked yes for the two prompts, McAfee prompted me with a message saying it deleted 2 viruses. Right after which my PC restarted and the Avenger log didn't open nor was it created in C:\. Oh, and the PC restarted only once.

This was the log message from McAfee:

10/4/2008 4:26:44 PM Deleted MOHITCAP1\Mohit Kapur C:\Documents and Settings\Mohit Kapur\Desktop\avenger.exe C:\WINDOWS\SYSTEM32\DRIVERS\PELFPNXD.SYS Generic.dx (Trojan)
10/4/2008 4:26:45 PM Deleted MOHITCAP1\Mohit Kapur C:\Documents and Settings\Mohit Kapur\Desktop\avenger.exe C:\WINDOWS\system32\drivers\pelfpnxd.sys Generic.dx (Trojan)

Should I continue with the rest of the steps or do I need to redo step 1 (with McAfee turned off)?

Edited by mcap, 04 October 2008 - 03:42 PM.


#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:33 PM

Posted 04 October 2008 - 03:50 PM

Should I continue with the rest of the steps or do I need to redo step 1 (with McAfee turned off)?



Turn off McAfee and redo step 1.

#15 mcap

mcap
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:33 PM

Posted 04 October 2008 - 06:49 PM

Just finished all steps. No problems encountered during any of them. Logs from all the steps are pasted below:


STEP 1:


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\bpsijqpe.ini" deleted successfully.
File "C:\WINDOWS\system32\gibwfdcy.ini" deleted successfully.
File "C:\WINDOWS\system32\lvdheasp.ini" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



STEP 2:


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:iiipki.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6576EBAA-B570-4345-98E4-96153C77CF24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6576EBAA-B570-4345-98E4-96153C77CF24}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\bpsijqpe.ini not found!
File C:\WINDOWS\System32\gibwfdcy.ini not found!
File C:\WINDOWS\System32\lvdheasp.ini not found!
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\bpsijqpe.ini not found!
File C:\WINDOWS\System32\gibwfdcy.ini not found!
File C:\WINDOWS\System32\lvdheasp.ini not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\temp\etilqs_zhjmpKmBtgjwy18rY6no scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_160.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\E1A47BE8d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 10042008_165744

Files moved on Reboot...
File C:\Documents and Settings\Mohit Kapur\Local Settings\temp\etilqs_zhjmpKmBtgjwy18rY6no not found!
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_138.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_160.dat not found!
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\E1A47BE8d01 moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mohit Kapur\Local Settings\Application Data\Mozilla\Firefox\Profiles\pcb71o1o.default\XUL.mfl moved successfully.




Step 3:


Scanning Report
Saturday, October 04, 2008 17:10:24 - 19:34:47

Computer name: MOHITCAP1
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\
Result: 1 malware found
Trojan-Dropper.Win32.Agent.xms (virus)

* C:\DOCUMENTS AND SETTINGS\MOHIT KAPUR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\D2VTVDSN\UPDATE[1].EXE (Renamed & Submitted)

Statistics
Scanned:

* Files: 102390
* System: 5189
* Not scanned: 11

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 0
* Submitted: 1

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\MOHIT KAPUR\LOCAL SETTINGS\TEMP\ETILQS_CFVWP5YW8OPKLC6ZYLBC
* C:\DOCUMENTS AND SETTINGS\MOHIT KAPUR\LOCAL SETTINGS\TEMP\ETILQS_DQCTZRTUMCR9THNLVHEC
* C:\DOCUMENTS AND SETTINGS\MOHIT KAPUR\LOCAL SETTINGS\TEMP\ETILQS_DQCTZRTUMCR9THNLVHEC-JOURNAL
* F:\PAGEFILE.SYS

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-10-04
* F-Secure AVP: 7.0.171, 2008-10-04
* F-Secure Pegasus: 1.20.0, 2008-09-01
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics





STEP 4:




OTScanIt logfile created on: 10/4/2008 19:38:57
OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\Mohit Kapur\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.47% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;F:\pagefile.sys 1024 2092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 11.16 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
Drive D: | 91.44 Gb Total Space | 0.46 Gb Free Space | 0.51% Space Free | Partition Type: NTFS
Drive E: | 91.43 Gb Total Space | 3.58 Gb Free Space | 3.92% Space Free | Partition Type: NTFS
Drive F: | 50.00 Gb Total Space | 2.44 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive G: | 91.44 Gb Total Space | 2.71 Gb Free Space | 2.96% Space Free | Partition Type: NTFS
Drive H: | 91.43 Gb Total Space | 1.15 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive I: | 98.14 Gb Total Space | 1.02 Gb Free Space | 1.04% Space Free | Partition Type: NTFS
Drive J: | 87.16 Gb Total Space | 0.03 Gb Free Space | 0.04% Space Free | Partition Type: NTFS
Drive K: | 47.58 Gb Total Space | 0.55 Gb Free Space | 1.16% Space Free | Partition Type: NTFS
Drive M: | 5.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOHITCAP1
Current User Name: Mohit Kapur
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 4/6/2005 16:03:28 | Attr =	]
ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 6.02.15 | Size = 155648 bytes | Modified Date = 8/18/2008 08:58:08 | Attr =	]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\omniServ.exe ->  [Ver =  | Size = 68704 bytes | Modified Date = 2/2/2004 16:33:40 | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 7/28/2008 00:12:34 | Attr =	]
updatecenterservice.exe -> %ProgramFiles%\NVIDIA Corporation\System Update\UpdateCenterService.exe -> NVIDIA [Ver = 6.02.04 | Size = 114688 bytes | Modified Date = 8/1/2008 11:11:10 | Attr =	]
opxpapp.exe -> %ProgramFiles%\Softex\OmniPass\OPXPApp.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 2/2/2004 13:19:28 | Attr =	]
itouch.exe -> %ProgramFiles%\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 09:33:26 | Attr =	]
scureapp.exe -> %ProgramFiles%\Softex\OmniPass\scureapp.exe ->  [Ver = 1, 0, 0, 1 | Size = 1744896 bytes | Modified Date = 2/2/2004 16:25:56 | Attr =	]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 1/8/2004 09:50:00 | Attr =	]
opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpWareSE4.exe -> Nuance Communications, Inc. [Ver = 15.2.6606.1 | Size = 79400 bytes | Modified Date = 2/4/2007 12:02:14 | Attr =	]
help.exe -> %ProgramFiles%\Softex\OmniPass\Help.exe ->  [Ver = 1, 0, 0, 1 | Size = 249856 bytes | Modified Date = 2/2/2004 13:52:50 | Attr =	]
strokeit.exe -> %ProgramFiles%\Strokeit\strokeit.exe ->  [Ver = .9.5 | Size = 21504 bytes | Modified Date = 2/17/2005 15:13:10 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 1/22/2006 02:43:17 | Attr =	]
(Analysis Server) Analysis Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Phoenix Integration\Analysis Server 5.1\aserver.exe ->  [Ver =  | Size = 73728 bytes | Modified Date = 6/15/2006 10:42:52 | Attr =	]
(BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe ->  [Ver =  | Size = 110592 bytes | Modified Date = 4/6/2005 16:03:28 | Attr =	]
(LBTServ) Logitech Bluetooth Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Logitech\Bluetooth\LBTSERV.EXE -> File not found
(nTuneService) Performance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 6.02.15 | Size = 155648 bytes | Modified Date = 8/18/2008 08:58:08 | Attr =	]
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\omniServ.exe ->  [Ver =  | Size = 68704 bytes | Modified Date = 2/2/2004 16:33:40 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 7/28/2008 00:12:34 | Attr =	]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 12/13/2004 05:34:32 | Attr =	]
(UpdateCenterService) Update Center Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\System Update\UpdateCenterService.exe -> NVIDIA [Ver = 6.02.04 | Size = 114688 bytes | Modified Date = 8/1/2008 11:11:10 | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
amd_dc_opt -> %ProgramFiles%\AMD\amd_dc_opt\amd_dc_opt.exe ["C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"] ->  [Ver = 1, 0, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2006 15:42:52 | Attr =	]
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 5, 0, 0 | Size = 1603152 bytes | Modified Date = 4/3/2007 21:50:00 | Attr =	]
CanonSolutionMenu -> %ProgramFiles%\Canon\SolutionMenu\CNSLMAIN.EXE [C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon] -> CANON INC. [Ver = 1, 0, 1, 0 | Size = 644696 bytes | Modified Date = 5/14/2007 21:01:00 | Attr =	]
EPoXUSDM -> %ProgramFiles%\EPoX\USDM\USDM.EXE ["C:\Program Files\EPoX\USDM\USDM.EXE" "5000"] -> EPoX COMPUTER CO.,LTD. [Ver = 3.0.11.28 | Size = 1297408 bytes | Modified Date = 6/17/2005 10:54:52 | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 17:22:02 | Attr =	]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 09:50:00 | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.7813 | Size = 13574144 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.7813 | Size = 86016 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
NVMixerTray -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"] -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 17:12:36 | Attr =	]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1657376 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
OmniPass -> %ProgramFiles%\Softex\OmniPass\scureapp.exe [C:\Program Files\Softex\OmniPass\scureapp.exe] ->  [Ver = 1, 0, 0, 1 | Size = 1744896 bytes | Modified Date = 2/2/2004 16:25:56 | Attr =	]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4\OpWareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"] -> Nuance Communications, Inc. [Ver = 15.2.6606.1 | Size = 79400 bytes | Modified Date = 2/4/2007 12:02:14 | Attr =	]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 20:50:00 | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 04:27:04 | Attr =	]
UserFaultCheck ->  [%systemroot%\system32\dumprep 0 -u] -> File not found
WinFast Schedule -> %ProgramFiles%\WinFast\WFDTV\WFWIZ.exe [C:\Program Files\WinFast\WFDTV\WFWIZ.exe] -> Leadtek Research Inc. [Ver = 5.13.01.2007-0727 | Size = 409600 bytes | Modified Date = 7/27/2007 18:09:02 | Attr =	]
zBrowser Launcher -> %ProgramFiles%\Logitech\iTouch\iTouch.exe [C:\Program Files\Logitech\iTouch\iTouch.exe] -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 09:33:26 | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe [C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile] -> NVIDIA [Ver = 6.02.15 | Size = 106496 bytes | Modified Date = 8/18/2008 08:58:00 | Attr =	]
StrokeIt -> %ProgramFiles%\Strokeit\strokeit.exe [C:\Program Files\Strokeit\strokeit.exe] ->  [Ver = .9.5 | Size = 21504 bytes | Modified Date = 2/17/2005 15:13:10 | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Mohit Kapur Startup Folder > -> C:\Documents and Settings\Mohit Kapur\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 20:12:19 | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 20:12:38 | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 20:12:24 | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 20:12:05 | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 20:12:41 | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
OPXPGina -> %ProgramFiles%\Softex\OmniPass\OPXPGina.dll ->  [Ver =  | Size = 40960 bytes | Modified Date = 2/2/2004 13:19:30 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 227 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 14:40:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/24/2005 11:49:29 | Attr =	]
autorun [] -> %SystemRoot%\system32\autorun.exe [ CDFS ] ->  [Ver = 2.3.0.3 | Size = 778752 bytes | Modified Date = 1/18/2005 06:45:54 | Attr =	]
Autorun.inf [[autorun] | open=AutoRunCD.exe | icon=AutoRunCD.exe, 0 |  |  | ] -> M:\Autorun.inf [ CDFS ] ->  [Ver =  | Size = 58 bytes | Modified Date = 7/19/2007 10:53:44 | Attr = R  ]
AutoRunCD.exe [MZ | ] -> M:\AutoRunCD.exe [ CDFS ] -> Crytek [Ver = 1.0.1.2 | Size = 4318432 bytes | Modified Date = 10/24/2007 18:11:40 | Attr = R  ]
< HOSTS File > (264779 bytes and 9224 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
First 25 entries...
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4838 domain(s) found. -> 
46 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4839 domain(s) found. -> 
ithaca.ecn_purdue.edu [https] -> Trusted sites -> 
gatech-csm_symplicity.com [https] -> Trusted sites -> 
47 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{465E08E7-F005-4389-980F-1D8764B3486C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 08:50:00 | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 4/13/2008 12:26:52 | Attr =	]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/13/2008 13:28:23 | Attr = R  ]
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Grab and Drag] -> IE7Pro.com [Ver = 2, 4, 0, 3 | Size = 756840 bytes | Modified Date = 9/24/2008 02:11:26 | Attr =	]
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 4, 0, 3 | Size = 756840 bytes | Modified Date = 9/24/2008 02:11:26 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 04:27:02 | Attr =	]
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.1.3036 | Size = 61440 bytes | Modified Date = 11/13/2002 19:50:20 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.1.3036 | Size = 61440 bytes | Modified Date = 11/13/2002 19:50:20 | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 02:13:40 | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{04D026A4-FF8E-4414-8B68-905635F18AD1} ->	() -> 
{0B46BDA2-FE43-44D4-BD60-787033F74722} ->	(Windows Mobile-based Device) -> 
{15E68139-574D-4C42-8DFD-F5970E823DE7} ->	() -> 
{32DCB736-D70A-49AF-A449-ABF6F7FA2718} ->	(NVIDIA nForce Networking Controller) -> 
{4F086FB8-5308-40F8-86F2-1149B80EB11F} ->	() -> 
{7E3AB7EB-14C8-4E0C-8F3B-4B800DB64BA1} ->	(Windows Mobile-based Internet Sharing Device) -> 
{BE7E07B4-4199-4499-9506-735FDB160575} ->	(Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter) -> 
{F1768ADB-53CE-4F86-9AFE-748372C0A4ED} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> 
{106E49CF-797A-11D2-81A2-00E02C015623}[HKEY_LOCAL_MACHINE] -> http://www.alternatiff.com/install/00/alttiff.cab[AlternaTIFF ActiveX] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{1E54D648-B804-468d-BC78-4AFFED8E262E}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab[System Requirements Lab Class] -> 
{1ED48504-8834-11D5-AC75-0008C73FD642}[HKEY_LOCAL_MACHINE] -> file://C:\Program Files\proeWildfire 2.0\i486_nt\obj\pvx_install.exe[Reg Error: Key does not exist or could not be opened.] -> 
{27527D31-447B-11D5-A46E-0001023B4289}[HKEY_LOCAL_MACHINE] -> http://gamingzone.ubisoft.com/dev/packages/GSManager.cab[CoGSManager Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> 
{4B48D5DF-9021-45F7-A240-60304302A215}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab[Malicious Software Removal Tool] -> 
{54EABC7D-40DC-4667-8517-F42D00540342}[HKEY_LOCAL_MACHINE] -> http://www.dlpe-tegrity2.gatech.edu/tegrity/_Player/1.0/Code/DRMActiveX.CAB[DRMActiveXControl Class] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> 
{5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD}[HKEY_LOCAL_MACHINE] -> http://usfulfillment.puretracks.com/onager.cab[OnagerCtrl Class] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222703195546[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187551437451[MUWebControl Class] -> 
{74DBCB52-F298-4110-951D-AD2FF67BC8AB}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab[NVIDIA Smart Scan] -> 
{86A88967-7A20-11D2-8EDA-00600818EDB1}[HKEY_LOCAL_MACHINE] -> http://www.parallelgraphics.com/l2/bin/cortvrml.cab[ParallelGraphics Cortona Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://civl3104acam1.ecn.purdue.edu/activex/AxisCamControl.cab[CamImage Class] -> 
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}[HKEY_LOCAL_MACHINE] -> http://www.merasnap.com/activex/ImageUploader3.cab[Aurigma Image Uploader 3.5 Control] -> 
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}[HKEY_LOCAL_MACHINE] -> http://gameadvisor.futuremark.com/global/msc37.cab[Measurement Services Client v.3.7] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}[HKEY_LOCAL_MACHINE] -> http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[IWinAmpActiveX Class] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file:///C:/WINDOWS/Java/classes/xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Intuwave/Shared/mRouterRuntime/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\.Owner -> {106E49CF-797A-11D2-81A2-00E02C015623} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/alttiff.ocx\\{106E49CF-797A-11D2-81A2-00E02C015623} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/chameleon.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortmime.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_control.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_dxs.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_imagers.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_js2.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_native.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_res.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_support.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cortona_transport.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\\.Owner -> {54EABC7D-40DC-4667-8517-F42D00540342} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DRMActiveX.dll\\{54EABC7D-40DC-4667-8517-F42D00540342} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dsound_renderer.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DXSelector.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/engine.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\\.Owner -> {27527D31-447B-11D5-A46E-0001023B4289} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GSManager.dll\\{27527D31-447B-11D5-A46E-0001023B4289} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\.Owner -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader3.ocx\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/movieimager.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\.Owner -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\\.Owner -> {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NvidiaSmartScan.ocx\\{74DBCB52-F298-4110-951D-AD2FF67BC8AB} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\\.Owner -> {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/onager.dll\\{5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX5.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX7.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheDX9.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RevancheOGL.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rob.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RSoft32.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\\.Owner -> {86A88967-7A20-11D2-8EDA-00600818EDB1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/shelley3.dll\\{86A88967-7A20-11D2-8EDA-00600818EDB1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\\.Owner -> {1E54D648-B804-468d-BC78-4AFFED8E262E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab3.dll\\{1E54D648-B804-468d-BC78-4AFFED8E262E} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\\.Owner -> {4B48D5DF-9021-45F7-A240-60304302A215} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WebCleaner.dll\\{4B48D5DF-9021-45F7-A240-60304302A215} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 10/4/2008 16:52:30 | Attr =	]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 223 bytes | Created Date = 9/28/2008 01:52:06 | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 9/28/2008 01:51:52 | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 9/28/2008 01:52:02 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 10/3/2008 18:19:40 | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 10/4/2008 17:06:58 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2147012608 bytes | Created Date = 9/28/2008 13:47:45 | Attr =  HS]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 9/28/2008 03:27:48 | Attr =  HS]
rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 10/3/2008 13:58:38 | Attr =	]
_OTScanIt -> %SystemDrive%\_OTScanIt ->  [Folder | Created Date = 10/4/2008 16:57:44 | Attr =	]
Dvbpws.dll -> %SystemRoot%\System32\Dvbpws.dll ->  [Ver =  | Size = 2 bytes | Created Date = 9/29/2008 18:23:33 | Attr =	]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 10/2/2008 18:43:50 | Attr =	]
keystone.exe -> %SystemRoot%\System32\keystone.exe ->  [Ver =  | Size = 436768 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe ->  [Ver =  | Size = 449056 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 200712 bytes | Created Date = 9/28/2008 13:45:43 | Attr =	]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 18394 bytes | Created Date = 9/28/2008 13:45:42 | Attr =	]
nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe ->  [Ver =  | Size = 1346080 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nview.dll -> %SystemRoot%\System32\nview.dll ->  [Ver =  | Size = 1503232 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll ->  [Ver =  | Size = 286720 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvshell.dll -> %SystemRoot%\System32\nvshell.dll ->  [Ver =  | Size = 466944 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl ->  [Ver =  | Size = 73728 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll ->  [Ver =  | Size = 1724416 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll ->  [Ver =  | Size = 1101824 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe ->  [Ver =  | Size = 1657376 bytes | Created Date = 9/17/2008 09:55:00 | Attr =	]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 974 bytes | Created Date = 9/29/2008 14:31:55 | Attr =	]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 10/2/2008 18:43:51 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 9/17/2008 13:01:42 | Attr =	]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 10/2/2008 18:43:51 | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Created Date = 9/28/2008 13:45:42 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 10/2/2008 18:54:13 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 9/8/2008 21:23:07 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 9/8/2008 21:23:07 | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
American Express Online Assistant -> %AllUsersProfile%\Application Data\American Express Online Assistant ->  [Folder | Created Date = 9/10/2008 12:22:12 | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/29/2008 13:52:19 | Attr =	]
nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles ->  [Folder | Created Date = 9/28/2008 13:49:49 | Attr =	]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Created Date = 9/28/2008 15:26:28 | Attr =	]
tslifejc -> %AllUsersProfile%\Application Data\tslifejc ->  [Folder | Created Date = 9/9/2008 19:15:17 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/29/2008 13:52:22 | Attr =	]
SystemRequirementsLab -> %AppData%\SystemRequirementsLab ->  [Folder | Created Date = 9/28/2008 13:33:05 | Attr =	]
TmpRecentIcons -> %AppData%\TmpRecentIcons ->  [Folder | Created Date = 9/16/2008 23:44:39 | Attr =	]
Information Session Start Date.doc -> G:\My Documents\Information Session Start Date.doc ->  [Ver =  | Size = 98816 bytes | Created Date = 9/16/2008 23:45:14 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Created Date = 9/29/2008 13:52:20 | Attr =	]
2008_09_25 -> %UserProfile%\Desktop\2008_09_25 ->  [Folder | Created Date = 9/25/2008 10:05:59 | Attr =	]
ALAVs_Proposal.pdf -> %UserProfile%\Desktop\ALAVs_Proposal.pdf ->  [Ver =  | Size = 5277295 bytes | Created Date = 9/18/2008 16:09:29 | Attr =	]
antivir_workstation_winu_en_h.exe -> %UserProfile%\Desktop\antivir_workstation_winu_en_h.exe ->  [Ver =  | Size = 25085704 bytes | Created Date = 10/3/2008 15:05:06 | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 731136 bytes | Created Date = 10/4/2008 16:22:54 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Created Date = 10/4/2008 16:21:48 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Created Date = 9/28/2008 14:50:12 | Attr =	]
katiegray -> %UserProfile%\Desktop\katiegray ->  [Folder | Created Date = 9/26/2008 00:16:59 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 10/4/2008 14:05:18 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 10/4/2008 14:03:46 | Attr =	]
Resume_Mohit_Kapur.pdf -> %UserProfile%\Desktop\Resume_Mohit_Kapur.pdf ->  [Ver =  | Size = 25814 bytes | Created Date = 9/10/2008 17:16:50 | Attr =	]
Resume_Mohit_Kapur_in.doc -> %UserProfile%\Desktop\Resume_Mohit_Kapur_in.doc ->  [Ver =  | Size = 51712 bytes | Created Date = 9/22/2008 21:55:05 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Created Date = 10/3/2008 13:57:31 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Created Date = 10/3/2008 15:19:09 | Attr =	]
Statement_Aug_2008.pdf -> %UserProfile%\Desktop\Statement_Aug_2008.pdf ->  [Ver =  | Size = 173844 bytes | Created Date = 9/5/2008 23:30:46 | Attr =	]
Statement_Sep 2008.pdf -> %UserProfile%\Desktop\Statement_Sep 2008.pdf ->  [Ver =  | Size = 235104 bytes | Created Date = 10/3/2008 14:48:48 | Attr =	]
stmt_2008-07-31.pdf -> %UserProfile%\Desktop\stmt_2008-07-31.pdf ->  [Ver =  | Size = 42735 bytes | Created Date = 9/5/2008 23:02:16 | Attr =	]
stmt_2008-08-31(2).pdf -> %UserProfile%\Desktop\stmt_2008-08-31(2).pdf ->  [Ver =  | Size = 42546 bytes | Created Date = 10/3/2008 14:41:17 | Attr =	]
stmt_2008-08-31.pdf -> %UserProfile%\Desktop\stmt_2008-08-31.pdf ->  [Ver =  | Size = 42546 bytes | Created Date = 9/5/2008 22:40:46 | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 9/29/2008 13:32:48 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/29/2008 13:52:18 | Attr =	]
NVIDIA nTune Performance Application -> %ProgramFiles%\NVIDIA nTune Performance Application ->  [Folder | Created Date = 9/5/2008 21:02:02 | Attr =	]
SystemRequirementsLab -> %ProgramFiles%\SystemRequirementsLab ->  [Folder | Created Date = 9/5/2008 21:04:14 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/28/2008 14:50:11 | Attr =	]

[Files/Folders - Modified Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 223 bytes | Modified Date = 9/27/2008 18:02:20 | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 293 bytes | Modified Date = 9/28/2008 13:19:11 | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2147012608 bytes | Modified Date = 10/4/2008 16:58:51 | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 10/2/2008 18:39:35 | Attr = RHS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 264779 bytes | Modified Date = 9/28/2008 02:46:59 | Attr = R  ]
hosts.20080924-191548.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080924-191548.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 9/17/2008 13:11:38 | Attr =	]
hosts.20080928-024659.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080928-024659.backup ->  [Ver =  | Size = 27 bytes | Modified Date = 9/28/2008 02:00:16 | Attr =	]
hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn ->  [Ver =  | Size = 736 bytes | Modified Date = 9/10/2008 11:38:52 | Attr =	]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 1324 bytes | Modified Date = 9/28/2008 13:24:29 | Attr =	]
Dvbpws.dll -> %SystemRoot%\System32\Dvbpws.dll ->  [Ver =  | Size = 2 bytes | Modified Date = 10/4/2008 19:36:52 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 3535296 bytes | Modified Date = 10/2/2008 18:53:11 | Attr =	]
keystone.exe -> %SystemRoot%\System32\keystone.exe ->  [Ver =  | Size = 436768 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe ->  [Ver =  | Size = 449056 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 200712 bytes | Modified Date = 10/4/2008 17:00:00 | Attr =	]
nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu ->  [Ver =  | Size = 18394 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe ->  [Ver =  | Size = 1346080 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nview.dll -> %SystemRoot%\System32\nview.dll ->  [Ver =  | Size = 1503232 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvModes.dat -> %SystemRoot%\System32\nvModes.dat ->  [Ver =  | Size = 8 bytes | Modified Date = 9/28/2008 13:50:52 | Attr =	]
nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll ->  [Ver =  | Size = 286720 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvshell.dll -> %SystemRoot%\System32\nvshell.dll ->  [Ver =  | Size = 466944 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl ->  [Ver =  | Size = 73728 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll ->  [Ver =  | Size = 1724416 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll ->  [Ver =  | Size = 1101824 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe ->  [Ver =  | Size = 1657376 bytes | Modified Date = 9/17/2008 09:55:00 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 83260 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 452264 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 544768 bytes | Modified Date = 10/4/2008 01:44:05 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 12598 bytes | Modified Date = 10/4/2008 16:59:44 | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/4/2008 16:58:53 | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 2675 bytes | Modified Date = 10/2/2008 18:51:48 | Attr =	]
iTouch.ini -> %SystemRoot%\iTouch.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 10/4/2008 16:59:56 | Attr =	]
ModelCenter.INI -> %SystemRoot%\ModelCenter.INI ->  [Ver =  | Size = 363 bytes | Modified Date = 9/6/2008 17:56:19 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 10/4/2008 18:04:22 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 9/8/2008 21:23:07 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 9/27/2008 14:27:16 | Attr =  H ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 9/28/2008 13:19:11 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 775 bytes | Modified Date = 9/28/2008 13:19:11 | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 918 bytes | Modified Date = 9/28/2008 03:03:28 | Attr =	]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 330 bytes | Modified Date = 10/4/2008 17:02:00 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/4/2008 16:58:58 | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 6/28/2005 01:31:42 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4646 bytes | Modified Date = 10/3/2008 13:29:02 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 10/3/2008 13:29:02 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/26/2005 23:57:07 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11122 bytes | Modified Date = 8/27/2005 00:05:11 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing ->  [Folder | Modified Date = 6/18/2008 21:34:11 | Attr =	]
06ecd811-a014-c159-64de-7732c08685f3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\06ecd811-a014-c159-64de-7732c08685f3.dat ->  [Ver =  | Size = 16694 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
0dbd8e2f-1a45-e757-4201-7d4d4ad4fab2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\0dbd8e2f-1a45-e757-4201-7d4d4ad4fab2.dat ->  [Ver =  | Size = 11528 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
221f3969-cf04-1758-6184-2aee1370572a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\221f3969-cf04-1758-6184-2aee1370572a.dat ->  [Ver =  | Size = 3088 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
2313c645-a922-ea30-d1a1-80ed54083f1e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\2313c645-a922-ea30-d1a1-80ed54083f1e.dat ->  [Ver =  | Size = 5105 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
26131447-e7fc-a812-c64b-0b9b98a773cc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\26131447-e7fc-a812-c64b-0b9b98a773cc.dat ->  [Ver =  | Size = 3060 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
27f153ed-9aae-3dbc-a796-876c7ab9f7e0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\27f153ed-9aae-3dbc-a796-876c7ab9f7e0.dat ->  [Ver =  | Size = 3050 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
45455ee2-8204-b66b-dee3-fca32f117708.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\45455ee2-8204-b66b-dee3-fca32f117708.dat ->  [Ver =  | Size = 11468 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
52095443-dd1e-03eb-c554-ff744aaa0f76.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\52095443-dd1e-03eb-c554-ff744aaa0f76.dat ->  [Ver =  | Size = 6043 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
587ef5b5-61c8-3b70-4548-3c041575defe.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\587ef5b5-61c8-3b70-4548-3c041575defe.dat ->  [Ver =  | Size = 11466 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
5ec4651e-9b6d-c320-9d64-4b91513f2389.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\5ec4651e-9b6d-c320-9d64-4b91513f2389.dat ->  [Ver =  | Size = 13366 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
60034caa-95a1-d172-fb2e-0aca5701bda4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\60034caa-95a1-d172-fb2e-0aca5701bda4.dat ->  [Ver =  | Size = 13362 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
675e4531-3bbc-212f-bc58-698595a74b47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\675e4531-3bbc-212f-bc58-698595a74b47.dat ->  [Ver =  | Size = 4190 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
752039a7-5da9-3cdf-763c-2528ebe202ce.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\752039a7-5da9-3cdf-763c-2528ebe202ce.dat ->  [Ver =  | Size = 4324 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
78f5e5ce-6a98-abc1-c451-8b5b8a07b333.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\78f5e5ce-6a98-abc1-c451-8b5b8a07b333.dat ->  [Ver =  | Size = 3033 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
79f5fead-ed9e-56da-65c1-aeb96fdbfe1e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\79f5fead-ed9e-56da-65c1-aeb96fdbfe1e.dat ->  [Ver =  | Size = 16750 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
81af57ac-992a-9f91-66fa-71f8c05d9c8d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\81af57ac-992a-9f91-66fa-71f8c05d9c8d.dat ->  [Ver =  | Size = 3338 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
8364fb4c-154f-9cef-21f9-1b05b9758773.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8364fb4c-154f-9cef-21f9-1b05b9758773.dat ->  [Ver =  | Size = 3978 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
881e8eca-9d9e-a827-a5f6-737ceef8c581.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\881e8eca-9d9e-a827-a5f6-737ceef8c581.dat ->  [Ver =  | Size = 9218 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
88bc02c8-4c9e-6d02-2726-3ab1fb1ff157.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\88bc02c8-4c9e-6d02-2726-3ab1fb1ff157.dat ->  [Ver =  | Size = 3054 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
8941c683-bfbf-0630-cd49-b7cb3019116e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\8941c683-bfbf-0630-cd49-b7cb3019116e.dat ->  [Ver =  | Size = 4339 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
caaf3582-6767-976a-ae05-9556dc5b90c2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\caaf3582-6767-976a-ae05-9556dc5b90c2.dat ->  [Ver =  | Size = 13390 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
d8eb67a3-06b6-27c5-d2d4-9837d679185d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\d8eb67a3-06b6-27c5-d2d4-9837d679185d.dat ->  [Ver =  | Size = 16687 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
ec2361be-a252-19dc-1162-29d73e8bbbfc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\ec2361be-a252-19dc-1162-29d73e8bbbfc.dat ->  [Ver =  | Size = 7371 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
eebcbfc8-ab53-2dff-f399-86c959c8c9de.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\eebcbfc8-ab53-2dff-f399-86c959c8c9de.dat ->  [Ver =  | Size = 16690 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
f2146290-bcf1-6bb0-3b18-6836e46ddabc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\f2146290-bcf1-6bb0-3b18-6836e46ddabc.dat ->  [Ver =  | Size = 13348 bytes | Modified Date = 6/18/2008 21:34:11 | Attr =	]
fad295ff-fa37-22dd-cf2a-8907e395fae5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\fad295ff-fa37-22dd-cf2a-8907e395fae5.dat ->  [Ver =  | Size = 5259 bytes | Modified Date = 6/18/2008 21:34:09 | Attr =	]
fc103390-b680-9269-081c-6fff1a49adf5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SL\DL\SoftwareLicensing\fc103390-b680-9269-081c-6fff1a49adf5.dat ->  [Ver =  | Size = 11472 bytes | Modified Date = 6/18/2008 21:34:10 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting ->  [Folder | Modified Date = 9/16/2006 12:42:56 | Attr =	]
GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat ->  [Ver =  | Size = 101841 bytes | Modified Date = 4/5/2005 15:39:08 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10/4/2008 17:24:04 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsgk32.exe -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fssm32.exe -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10/4/2008 17:24:04 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 10/4/2008 17:10:13 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 10/4/2008 17:10:13 | Attr =	]
daas_s.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 15:59:28 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsbld.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 2, 3, 0, 68 | Size = 551544 bytes | Modified Date = 10/4/2008 17:10:02 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 10/4/2008 17:10:04 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 10/4/2008 17:10:01 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10/4/2008 17:10:14 | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 10/4/2008 17:10:13 | Attr =	]
avpproxy.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 10/4/2008 17:10:13 | Attr =	]
fm4av.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 514048 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fpinor.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsbl.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsecr32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fspe32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 385024 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsup32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 577536 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 73728 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 86016 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 98304 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupux32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.4.420 | Size = 90112 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 10/4/2008 17:10:11 | Attr =	]
fsmart.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 29 | Size = 147456 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
fsusscr.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.30.14271 | Size = 888832 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 10/4/2008 17:10:01 | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> Norman ASA [Ver = 5,93,01 | Size = 588856 bytes | Modified Date = 10/4/2008 17:10:01 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 10/4/2008 17:10:04 | Attr =	]
fssubmit.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 10/4/2008 17:10:04 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 10/4/2008 17:10:02 | Attr =	]
fsblu.dll -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 2, 3, 0, 68 | Size = 551544 bytes | Modified Date = 10/4/2008 17:10:02 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp ->  [Folder | Modified Date = 10/4/2008 19:38:54 | Attr =	]
Perflib_Perfdata_b48.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\Perflib_Perfdata_b48.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/4/2008 17:33:42 | Attr =	]
1 C:\Documents and Settings\Mohit Kapur\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\*.tmp -> 
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10/4/2008 17:24:04 | Attr =	]
ext.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 1566322 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
perf.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 10/4/2008 19:36:49 | Attr =	]
sae.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
sai.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 10/4/2008 17:09:58 | Attr =	]
ext.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
sae.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
sai.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsedb.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 1566322 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5828 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus ->  [Folder | Modified Date = 10/4/2008 17:24:04 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 10/4/2008 17:09:54 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 10/4/2008 17:10:02 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 10/4/2008 17:10:04 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10/4/2008 17:10:01 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 10/4/2008 17:09:54 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc ->  [Folder | Modified Date = 10/4/2008 17:09:58 | Attr =	]
FS@av.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 10/4/2008 17:09:56 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avpe\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avpe ->  [Folder | Modified Date = 10/4/2008 17:09:55 | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 10/4/2008 17:09:54 | Attr =	]
verdicts.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 4181 bytes | Modified Date = 10/4/2008 17:09:54 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta ->  [Folder | Modified Date = 10/4/2008 17:10:14 | Attr =	]
FS@corp.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 10/4/2008 17:10:14 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin ->  [Folder | Modified Date = 10/4/2008 17:10:08 | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 10/4/2008 17:10:08 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin ->  [Folder | Modified Date = 10/4/2008 17:10:11 | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10/4/2008 17:10:11 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb ->  [Folder | Modified Date = 10/4/2008 17:10:01 | Attr =	]
FS@peg.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 10/4/2008 17:10:01 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin ->  [Folder | Modified Date = 10/4/2008 17:10:04 | Attr =	]
FS@ols.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 10/4/2008 17:10:04 | Attr =	]
C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl\ -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl ->  [Folder | Modified Date = 10/4/2008 17:10:02 | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\Mohit Kapur\Local Settings\temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 10/4/2008 17:10:02 | Attr =	]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 10/4/2008 19:36:37 | Attr =	]
Perflib_Perfdata_17c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_17c.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 10/4/2008 16:59:12 | Attr =	]
Perflib_Perfdata_214.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_214.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/4/2008 16:59:15 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 62464 bytes | Modified Date = 10/4/2008 18:05:24 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 2624656 bytes | Modified Date = 9/27/2008 17:37:08 | Attr =  H ]
Information Session Start Date.doc -> G:\My Documents\Information Session Start Date.doc ->  [Ver =  | Size = 98816 bytes | Modified Date = 9/16/2008 23:45:15 | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 707 bytes | Modified Date = 9/29/2008 13:52:20 | Attr =	]
ALAVs_Proposal.pdf -> %UserProfile%\Desktop\ALAVs_Proposal.pdf ->  [Ver =  | Size = 5277295 bytes | Modified Date = 9/18/2008 16:09:34 | Attr =	]
antivir_workstation_winu_en_h.exe -> %UserProfile%\Desktop\antivir_workstation_winu_en_h.exe ->  [Ver =  | Size = 25085704 bytes | Modified Date = 10/3/2008 15:05:36 | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 724952 bytes | Modified Date = 10/4/2008 16:21:51 | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 9/28/2008 14:50:13 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 10/4/2008 14:03:46 | Attr =	]
Resume_Mohit_Kapur.pdf -> %UserProfile%\Desktop\Resume_Mohit_Kapur.pdf ->  [Ver =  | Size = 25814 bytes | Modified Date = 9/10/2008 17:16:50 | Attr =	]
Resume_Mohit_Kapur_in.doc -> %UserProfile%\Desktop\Resume_Mohit_Kapur_in.doc ->  [Ver =  | Size = 51712 bytes | Modified Date = 9/22/2008 21:57:58 | Attr =	]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Modified Date = 10/3/2008 13:57:32 | Attr =	]
setupeng.exe -> %UserProfile%\Desktop\setupeng.exe ->  [Ver = 4.8.1229.0 | Size = 27462344 bytes | Modified Date = 10/3/2008 15:19:55 | Attr =	]
Statement_Aug_2008.pdf -> %UserProfile%\Desktop\Statement_Aug_2008.pdf ->  [Ver =  | Size = 173844 bytes | Modified Date = 9/5/2008 23:30:46 | Attr =	]
Statement_Sep 2008.pdf -> %UserProfile%\Desktop\Statement_Sep 2008.pdf ->  [Ver =  | Size = 235104 bytes | Modified Date = 10/3/2008 14:48:48 | Attr =	]
stmt_2008-07-31.pdf -> %UserProfile%\Desktop\stmt_2008-07-31.pdf ->  [Ver =  | Size = 42735 bytes | Modified Date = 9/5/2008 23:02:16 | Attr =	]
stmt_2008-08-31(2).pdf -> %UserProfile%\Desktop\stmt_2008-08-31(2).pdf ->  [Ver =  | Size = 42546 bytes | Modified Date = 10/3/2008 14:41:17 | Attr =	]
stmt_2008-08-31.pdf -> %UserProfile%\Desktop\stmt_2008-08-31.pdf ->  [Ver =  | Size = 42546 bytes | Modified Date = 9/5/2008 22:40:48 | Attr =	]

< End of report >




