
Inactive Keyboard/mouse/wallpaper probs

Discussion in 'Malware and Virus Removal Archive' started by Schlacko, 2008/11/07.

  1. 2008/11/07
    Schlacko


    My mouse (IntelliMouse Explorer 3.0) started cutting out a while ago; it's old, so I figured it may be expiring. Unplugging it and plugging it back in worked a bit, but then I tried getting updated software for it, and it seemed to fix it, but then the problem returned and also seems to have spread to the keyboard. I put the keyboard in a different USB and it works fine now, not sure why. While scanning and removing old junk I got a new problem: wallpaper isn't showing up, it's just plain black, sometimes with that little icon in the upper left like when a picture isn't displaying on a webpage. While trying to fix things I found another problem: I can't go to regedit, it says it's been disabled by the system administrator... and I'm the only one that uses this computer... it even said that in safe mode. I've done several scans: McAfee, Panda, Spybot, Uniblue, Ad-Aware... The mouse dying I can see, it's a few years old, but the keyboard and computer (USB port) are only about a year old.

    Below is my HJT log, any help is appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:37 PM, on 11/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\Ray\LOCALS~1\Temp\csrssc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe "
    O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Ray\LOCALS~1\Temp\csrssc.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS1\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS2\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS3\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
    O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Ray/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 9681 bytes
     
  2. 2008/11/08
    Aaflac

    As far as the malware showing in your log, please do the following:


    Run HijackThis, Scan
    Check box for:

    O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Ray\LOCALS~1\Temp\csrssc.exe

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

    O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll

    Select: Fix checked

    ~~~~
    Next, download SDFix
    Save it to the Desktop

    Now, reboot to Safe Mode
    • Restart your computer.
    • When the machine reboots, tap the F8 key before Windows starts
    • You are presented with a Windows XP Advanced Options menu.
    • Select the option for Safe Mode using the arrow keys.
    • Press Enter to boot into Safe Mode.
    In Safe Mode, double-click SDFix.exe icon on the Desktop
    • Allow the program to extract to its own folder (C:\SDFix)
    • Double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • The process removes any Trojan Services or Registry Entries found, and then prompts you to press any key to Reboot.
    • Press any key to restart the PC.
    • When the PC restarts the SDFix will run again and complete the removal process
    • It then displays Finished
    • Press any key to end the script and load the Desktop icons.
    • Once the Desktop icons load, the SDFix report opens on screen and saves itself in the SDFix folder as Report.txt.
    ~~~~
    Next, download Malwarebytes' Anti-Malware (MBAM)
    Save the program to the Desktop
    Close all Windows, including this one.

    On the Desktop, double-click mbam-setup.exe to install the program, and follow the prompts
    • If an update is found, MBAM will download and install the latest.
    • Click OK
    At the main program window
    • Make sure the following is checked: Perform Quick Scan
    • Click: Scan (The scan may take some time to finish, so please be patient.)
    • When the scan completes, a message box appears
    • Click OK
    At the main Scanner screen:
    • Click on: Show Results
    • A screen displaying the malware found shows
    • Make sure everything found is checked, and click: Remove Selected
    • When the disinfection is complete, you may be prompted to Restart. Please do so.
    • When MBAM finishes removing the malware, a log opens in Notepad
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    ~~~~
    Download Random's System Information Tool (RSIT)
    • Save it to the Desktop
    • Double click on RSIT.exe to run the program
    • Click Continue at the disclaimer screen
    • Once the tool finishes, two logs open. Log.txt is maximized, and info.txt is minimized. (The logs are also contained in C:\rsit)
    ~~~~
    Please provide the following in your reply:
    The contents of the SDFix Report.txt
    The MBAM report
    The RSIT: Log.txt and info.txt logs.

    You may need to do consecutive posts (one after the other) if the logs are too long.
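
The selection made in the reply above can be approximated with a few triage rules over HijackThis lines. This is an added example, not part of the original thread or of HijackThis itself; the rule names and heuristics are assumptions chosen for illustration, and the sample lines are a subset copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread (copied, not constructed).
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Ray\LOCALS~1\Temp\csrssc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - rest of line": a section code (letter + digits), a dash, then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Any path component named Temp (covers LOCALS~1\Temp and Local Settings\Temp).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
REGEDIT_RE = re.compile(r"DisableRegedit\s*=\s*1", re.IGNORECASE)


def parse_log(text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply the illustrative heuristics; return (rule, section, body) tuples."""
    # First pass: record which sections each CLSID is registered under.
    clsid_sections = defaultdict(set)
    for section, body in entries:
        for clsid in CLSID_RE.findall(body):
            clsid_sections[clsid.upper()].add(section)
    shared = {c for c, secs in clsid_sections.items() if len(secs) > 1}

    findings = []
    for section, body in entries:
        # Autostart entry whose executable lives in a Temp directory.
        if section == "O4" and TEMP_RE.search(body):
            findings.append(("autorun_from_temp", section, body))
        # Policy value that blocks the registry editor for the user.
        if section == "O7" and REGEDIT_RE.search(body):
            findings.append(("regedit_policy_lock", section, body))
        # Registration that points at a file which no longer exists.
        if body.endswith("(no file)"):
            findings.append(("orphaned_entry", section, body))
        # One CLSID hooked into more than one kind of load point (e.g. O2 + O22).
        if any(c.upper() in shared for c in CLSID_RE.findall(body)):
            findings.append(("clsid_in_multiple_load_points", section, body))
    return findings


if __name__ == "__main__":
    for rule, section, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:32} {section:4} {body}")
```

The O20 crypts.dll entry that the reply also selects is not matched by any of these rules, so the output is a starting list for a human reviewer rather than a verdict.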
     

  4. 2008/11/09
    Schlacko

    Thanks for your help. I may not have been as patient as I should have. The safe mode SDFix scan took about 20 minutes like it said it would, but the regular mode was at about 4 hours when I killed it; it said it would be 'several minutes', not several hours, so I figured something might have been wrong. I'll try that one again overnight. My keyboard is working again in its native USB, the mouse is good for now, but it's been good for a bit then gone real shady before. I can edit my registry again, but the desktop background is still plain black with the little 'no image' icon in the corner.

    MBAM said no malware detected so I'll omit that log, I'm not even sure where it went... here's longass RSIT info.txt

    info.txt logfile of random's system information tool 1.04 2008-11-09 17:50:30

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent--> "C:\Program Files\uTorrent\uninstall.exe "
    ACD/Labs Software in C:\Program Files\ACDFREE11\-->C:\Program Files\ACDFREE11\setup\setup.exe -uninstall
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
    Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
    BPS Audio Converter Pro 4.3.0.5--> "C:\Program Files\BPS\AudioConverterPro\unins000.exe "
    Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
    Capitalism II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF581945-BBE9-11D5-A7FE-50275FC10000}\Setup.exe" -uninst
    CDisplay 1.8--> "C:\Program Files\CDisplay\unins000.exe "
    CDRWIN-->C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
    Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Crystal10-->MsiExec.exe /I{91FD3E1D-FE00-4ECB-8379-204704812A9D}
    CyberLink PowerDVD 8--> "C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
    Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Support Center-->MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
    EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
    Ease Audio Converter 4.80--> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe "
    Easy CD Clone-->C:\PROGRA~1\EASYCD~1\UNWISE.EXE C:\PROGRA~1\EASYCD~1\INSTALL.LOG
    FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe
    FinePixViewer Ver.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
    FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
    gBurner--> "C:\Program Files\gBurner\uninstall.exe "
    GhostMouse 2.0-->C:\WINDOWS\uninst.exe -fC:\GMouse20\DeIsL1.isu -cC:\GMouse20\_ISREG32.DLL
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll "
    Google Updater--> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    GraphCalc v4.0.1--> "C:\Program Files\GraphCalc\unins000.exe "
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hospital Tycoon-->C:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=" "
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    ImageConverter Plus 7.1--> "C:\Program Files\ImageConverter Plus\unins000.exe "
    ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
    Intel(R) Network Connections 13.0.42.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.14.10--> "C:\Program Files\LimeWire\uninstall.exe "
    LiveUpdate 3.1 (Symantec Corporation)--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LucasArts' Star Wars Rebellion-->C:\WINDOWS\uninst.exe -f "C:\Program Files\LucasArts\Star Wars Rebellion\DeIsL1.isu "
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MicroStaff WINASPI NT-->C:\MWASPINT\uninst.exe
    mIRC--> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Modem Diagnostic Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}\setup.exe" -l0x9 -removeonly
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mp3-2-wav converter 1.14-->C:\WINDOWS\iun506.exe C:\Program Files\Mp3 File Editor\plugins\\irunin_mp32wav.ini
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    NOMAD MuVo^2 Driver-->C:\Program Files\Creative\NOMAD MuVo2 Drivers\DrvUnins.exe /s
    Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OrCAD 10.5 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C250969-BFBA-469D-896F-7A02450BB98C}\SETUP.EXE" -l0x9 Uninstall
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
    PowerISO--> "C:\Program Files\PowerISO\uninstall.exe "
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
    RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
    Sid Meier's Civilization 4 - Warlords-->C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
    Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
    Smart MP3 Renamer 1.4--> "C:\Program Files\Smart MP3 Renamer\unins000.exe "
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    Stronghold Crusader Extreme--> "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -runfromtemp -l0x0009 -removeonly
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
    The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
    Uniblue DriverScanner 2009--> "C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
    Uniblue RegistryBooster 2--> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe "
    Uniblue SpeedUpMyPC 2009--> "C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
    Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WAV MP3 Converter 2.9 build 889-->C:\Program Files\HooTech\WAV_MP3\uninst.exe
    Winamp--> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Zortam Mp3 Media Studio 8.45--> "C:\Program Files\Zortam Mp3 Media Studio\unins000.exe "

    =====HijackThis Backups=====

    O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Ray\LOCALS~1\Temp\winlogin.exe
    O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Ray\LOCALS~1\Temp\csrssc.exe
    O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
    O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: McAfee VirusScan
    FW: McAfee Personal Firewall

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ImageConverter Plus;;C:\OrCAD\OrCAD_10.5_Demo\tools\specctra\bin;C:\OrCAD\OrCAD_10.5_Demo\tools\PSpice\Library;C:\OrCAD\OrCAD_10.5_Demo\tools\Capture;C:\OrCAD\OrCAD_10.5_Demo\tools\bin;C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin;C:\Program Files\Intel\DMIX
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION "=0f02
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "RoxioCentral "=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "CDSROOT "=C:\OrCAD\OrCAD_10.5_Demo

    -----------------EOF-----------------
     
  5. 2008/11/09
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Please post the RSIT: Log.txt. You only posted the info.txt.

    The Log.txt will give a better idea of the system's current status.

    Also, post the SDFix results if you get it to run this evening.
     
  6. 2008/11/09
    Schlacko

    Schlacko Inactive Thread Starter

    Joined:
    2008/11/07
    Messages:
    13
    Likes Received:
    0
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Ray at 2008-11-09 18:13:16
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 12 GB (5%) free of 235 GB
    Total RAM: 1022 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:13:22 PM, on 11/9/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Documents and Settings\Ray\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Ray.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe "
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS1\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS2\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS3\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Ray/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    --
    End of file - 8869 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job
    C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]
    "dscactivate "=c:\dell\dsca.exe [2007-07-30 16384]
    "nwiz "=nwiz.exe /install []
    "NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]
    "mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
    "LVCOMS "=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
    "REGSHAVE "=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "IntelliPoint "=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2008-01-09 16859648]
    "Alcmtr "=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "SDFix "=C:\SDFix\RunThis.bat [2008-11-06 964661]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DAEMON Tools Pro Agent "=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
    "Uniblue RegistryBooster 2009 "=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
    "Uniblue RegistryBooster 2 "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2008-05-05 1923352]
    "msiexec.exe "=msiconf.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]
    C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater]
    WinUpdater.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
    C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe [2008-09-08 2834432]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ray^Start Menu^Programs^Startup^ipoint.exe]
    []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145
    "NoFolderOptions "=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "
    "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe "= "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\Warcraft III\Warcraft III.exe "= "C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update "
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe "= "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe:*:Enabled:orbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe "= "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe:*:Enabled:eek:bServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:eek:bServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe:*:Enabled:eek:rbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tomax.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tomax.exe:*:Enabled:tomax (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tospec.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tospec.exe:*:Enabled:tospec (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\update90.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\update90.exe:*:Enabled:update90 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\batch32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\batch32.exe:*:Enabled:batch32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\sroute.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\sroute.exe:*:Enabled:sroute (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tutorial\laytutor.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tutorial\laytutor.exe:*:Enabled:laytutor (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pcb\bin\specctra.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pcb\bin\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\IndiceFileGeneration.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\Magneticdesigner.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\modeled.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\modeled.exe:*:Enabled:modeled (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\MrkSrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\pspice.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\pspice.exe:*:Enabled:pspice (OrCAD 10.5 Demo) "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{527ecff9-90a9-11dc-8500-001aa09c7908}]
    shell\AutoRun\command - G:\LaunchU3.exe -a
     
  7. 2008/11/09
    Schlacko

    2nd part, since it was too long. Also, I thought I posted them earlier but didn't realize it wasn't letting me, since so much of the log would come out as smilies...

    ======List of files/folders created in the last 1 months======

    2008-11-09 17:50:17 ----D---- C:\rsit
    2008-11-09 17:27:16 ----D---- C:\Documents and Settings\Ray\Application Data\Malwarebytes
    2008-11-09 17:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-09 17:27:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-09 11:17:41 ----D---- C:\WINDOWS\ERUNT
    2008-11-09 11:16:53 ----D---- C:\SDFix
    2008-11-08 11:28:19 ----RASHOT---- C:\WINDOWS\winstart.bat
    2008-11-08 11:27:02 ----D---- C:\Program Files\Greatis
    2008-11-08 10:52:21 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-11-08 00:34:12 ----A---- C:\WINDOWS\system32\ws29393.dll
    2008-11-08 00:34:12 ----A---- C:\WINDOWS\system32\mws29393.dll
    2008-11-08 00:34:06 ----D---- C:\Program Files\MSVideoPlugin
    2008-11-07 23:25:47 ----D---- C:\Program Files\Exterminate It!
    2008-11-07 22:13:20 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-11-07 21:14:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2008-11-07 21:12:44 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-11-07 21:12:39 ----D---- C:\Program Files\MSBuild
    2008-11-07 21:12:29 ----D---- C:\Program Files\Reference Assemblies
    2008-11-07 21:08:27 ----D---- C:\Documents and Settings\Ray\Application Data\WinBatch
    2008-11-07 21:08:05 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2008-11-07 21:07:22 ----D---- C:\Program Files\Realtek
    2008-11-07 21:07:20 ----A---- C:\WINDOWS\RtlExUpd.dll
    2008-11-07 21:07:20 ----A---- C:\WINDOWS\HideWin.exe
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2008-11-07 20:57:14 ----D---- C:\2751ec6fae986f5f6d894f9f7375a6ae
    2008-11-07 20:56:41 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-07 20:48:03 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-11-07 20:47:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2008-11-07 20:45:53 ----D---- C:\5fed41e3604af86fcd346bd3e7e5605c
    2008-11-07 20:45:47 ----RHD---- C:\AHCache
    2008-11-07 20:45:39 ----D---- C:\eb06fbdb3574a816b6407323
    2008-11-07 18:49:42 ----D---- C:\Program Files\Panda Security
    2008-11-07 15:50:10 ----D---- C:\Program Files\Uniblue
    2008-11-07 15:43:32 ----D---- C:\Documents and Settings\Ray\Application Data\Uniblue
    2008-11-07 00:18:35 ----A---- C:\WINDOWS\system32\TDSSoiqh.dll
    2008-11-07 00:18:34 ----A---- C:\qnurnd.exe
    2008-11-07 00:18:18 ----A---- C:\WINDOWS\system32\jsne87fidgf.dll
    2008-11-05 11:27:36 ----D---- C:\Documents and Settings\Ray\Application Data\Red Alert 3
    2008-11-05 11:04:41 ----D---- C:\Program Files\Electronic Arts
    2008-11-03 15:21:40 ----D---- C:\Documents and Settings\Ray\Application Data\PRODEGETOOLBAR641
    2008-10-30 21:53:20 ----D---- C:\Program Files\Firaxis Games
    2008-10-27 00:08:44 ----D---- C:\Capitalism II
    2008-10-25 23:49:00 ----D---- C:\Documents and Settings\Ray\Application Data\My Games
    2008-10-25 22:55:42 ----D---- C:\Program Files\gBurner
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-10-25 19:23:29 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-10-25 19:23:28 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-10-25 19:23:28 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-10-25 19:23:27 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-10-25 19:22:41 ----D---- C:\WINDOWS\Logs
    2008-10-25 19:20:36 ----D---- C:\WINDOWS\system32\AGEIA
    2008-10-25 19:20:33 ----D---- C:\Program Files\AGEIA Technologies
    2008-10-24 13:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-24 12:40:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-23 21:10:18 ----D---- C:\Program Files\Common Files\DirectX
    2008-10-23 09:49:45 ----D---- C:\Program Files\Codemasters
    2008-10-15 16:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 16:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 16:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 16:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 16:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 1 months======

    2008-11-09 18:13:18 ----D---- C:\WINDOWS\Temp
    2008-11-09 18:07:46 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-09 17:51:52 ----D---- C:\WINDOWS\Prefetch
    2008-11-09 17:27:08 ----D---- C:\WINDOWS\system32\drivers
    2008-11-09 17:27:01 ----D---- C:\Program Files
    2008-11-09 17:26:21 ----D---- C:\WINDOWS
    2008-11-09 16:46:32 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-11-09 16:34:44 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-09 16:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-09 11:28:07 ----D---- C:\WINDOWS\system32
    2008-11-09 11:22:36 ----SHD---- C:\WINDOWS\system32\dllcache
    2008-11-08 20:47:38 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-08 20:47:17 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
    2008-11-08 18:41:29 ----RSH---- C:\boot.ini
    2008-11-08 18:41:29 ----A---- C:\WINDOWS\win.ini
    2008-11-08 18:41:29 ----A---- C:\WINDOWS\system.ini
    2008-11-08 18:35:52 ----SD---- C:\WINDOWS\Tasks
    2008-11-08 18:22:33 ----HD---- C:\WINDOWS\inf
    2008-11-08 18:21:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-08 18:21:42 ----SHD---- C:\WINDOWS\Installer
    2008-11-08 18:21:39 ----D---- C:\Program Files\Microsoft IntelliPoint
    2008-11-08 16:16:38 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-08 11:39:59 ----D---- C:\Documents and Settings\Ray\Application Data\uTorrent
    2008-11-08 00:45:30 ----D---- C:\School
    2008-11-07 21:28:55 ----RSD---- C:\WINDOWS\assembly
    2008-11-07 21:26:20 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-07 21:17:16 ----D---- C:\i386
    2008-11-07 21:13:42 ----D---- C:\WINDOWS\WinSxS
    2008-11-07 21:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-07 21:12:37 ----D---- C:\WINDOWS\system32\en-US
    2008-11-07 21:12:35 ----RSD---- C:\WINDOWS\Fonts
    2008-11-07 21:08:05 ----D---- C:\WINDOWS\system32\RTCOM
    2008-11-07 21:07:22 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-07 21:04:37 ----D---- C:\Program Files\Intel
    2008-11-07 20:57:42 ----D---- C:\WINDOWS\system32\spool
    2008-11-07 20:54:25 ----D---- C:\Program Files\mIRC
    2008-11-07 20:53:06 ----D---- C:\Program Files\Internet Explorer
    2008-11-07 20:48:13 ----D---- C:\WINDOWS\system32\config
    2008-11-07 20:41:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-11-07 18:49:27 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-07 16:42:46 ----SHD---- C:\RECYCLER
    2008-11-06 23:35:19 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-11-05 11:04:41 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-25 19:23:16 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-10-25 19:20:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-24 14:03:37 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-24 13:38:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-24 12:42:07 ----D---- C:\Documents and Settings\Ray\Application Data\Google
    2008-10-24 12:41:23 ----D---- C:\Program Files\Google
    2008-10-23 21:10:18 ----D---- C:\Program Files\Common Files
    2008-10-23 10:29:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

    2008-10-22 00:33:27 ----D---- C:\temp
    2008-10-21 21:52:11 ----D---- C:\Audio1
    2008-10-21 20:37:10 ----D---- C:\Audio
    2008-10-15 16:49:44 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 01:28:09 ----SD---- C:\Documents and Settings\Ray\Application Data\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
    R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-11-07 8552]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
    R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-06 242320]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-15 4652544]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    S3 a7qofmyy;a7qofmyy; C:\WINDOWS\system32\drivers\a7qofmyy.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
    S3 o1394bul;o1394bul; \??\C:\DOCUME~1\Ray\LOCALS~1\Temp\o1394bul.sys []
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
    S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 168432]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-10 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  8. 2008/11/09
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Thanks for posting the RSIT log.txt!

    Please do the following while we get to the root of the problem:

    Back up the Windows Registry:
    Download ERUNT
    • Save to the Desktop
    • Double-click on the file to install the program
    • Uncheck the NTREGOPT Desktop shortcut option
    • Click No when the option to run Erunt at Windows startup is presented.
    • During the installation, click: Launch ERUNT
    • Accept the default settings for running a backup
    • ERUNT will now back up the Registry
    • After ERUNT completes the Windows Registry backup, click OK to exit.

    ~~~~
    Next, download FixPolicies.exe
    • Double-click FixPolicies.exe
    • In the next prompt, click: Install
    • The program creates a FixPolicies folder, double-click to open it
    • Double-click: Fix_Policies.cmd
    • A black box briefly appears and then closes.
    • This enables Control Panel, Task Manager, Regedit, and stops any Administrative warnings.

    This enables Regedit, Control Panel, Task Manager, and stops Administrative warnings, etc.

    If the malware resets the Registry policy keys again, you can run FixPolicies again.
    A permanent solution requires removing the infection.
     
  9. 2008/11/09
    Aaflac

    Aaflac Inactive

    Joined:
    2008/11/02
    Messages:
    294
    Likes Received:
    1
    Let's take action to remove the infection...

    Please download OTMoveIt3 to the Desktop.

    Double-click on OTMoveIt3.exe to run it.

    Copy and paste all of the following inside the code box below into the Paste List Of File/Folders To Move area of OTMoveIt3

    Code:
    :processes 
    explorer.exe 
    :files 
    C:\WINDOWS\system32\msiconf.exe 
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\winstart.bat
    C:\WINDOWS\system32\ws29393.dll
    C:\WINDOWS\system32\mws29393.dll
    C:\WINDOWS\system32\TDSSoiqh.dll
    C:\qnurnd.exe
    C:\WINDOWS\system32\jsne87fidgf.dll
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msiexec.exe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
    :commands 
    [emptytemp] 
    [start explorer]
    Click the red Moveit! button

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes.

    Copy/Paste the contents under Results in your reply.

    If the machine rebooted, and you are unable to copy/paste from the Results window, do the following:
    Open Notepad (Start > All Programs > Accessories > Notepad)
    Click: File > Open
    In the File Name box enter *.log and press the Enter key
    Navigate to the C:\_OTMoveIt\MovedFiles folder
    Open the newest .log file present

    Otherwise, Copy/Paste the contents under Results

    Close OTMoveIt3

    ~~~~
    There is a Desktop image running from the Temp folder.

    Although I rather doubt it, must ask, have you configured the following Active Desktop Component:
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Ray/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

    If the above is not familiar, please do the following:

    Go to Start > Control Panel, and double click: Display
    In the Desktop tab, select: Customize Desktop
    Next, select the Web tab

    In the Web pages area, uncheck and Delete all the entries there, except for:
    My current home page

    Click Apply, and then OK.

    ~~~~
    Run RSIT once again.

    ~~~~
    Please provide the OTMoveIt3 log contents, and the new RSIT log.txt in your reply.
     
  10. 2008/11/10
    Schlacko

    Schlacko Inactive Thread Starter

    Joined:
    2008/11/07
    Messages:
    13
    Likes Received:
    0
    SDFix managed to finish. It seems to have fixed the desktop wallpaper problem. The mouse issue remains. Another thing I didn't mention, because I kind of doubt it's related to malware, is my internet being screwy sometimes. The network connection icon on the taskbar continually goes between 'local area connection is now connected' and 'a network cable is unplugged.' I know this part only affects this computer because the other 2 computers on the network aren't having this problem. The cable box seems fine too, and resetting the modem doesn't help. Anyway, here's the SDFix log. Thanks again.


    SDFix: Version 1.240
    Run by Administrator on Mon 11/10/2008 at 01:19 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-10 08:34:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\uTorrent\\uTorrent.exe "= "C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\\Program Files\\mIRC\\mirc.exe "= "C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC "
    "C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe "= "C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
    "C:\\Program Files\\AIM6\\aim6.exe "= "C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM "
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe "= "C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "= "C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe "= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 "
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe "= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 "
    "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe "= "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update "
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe "= "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsdoc.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsinfo.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsmps.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsMsgServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsNameServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRemshClient.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRunHidden.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsUnzip.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdswhich.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsZip.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cds_root.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsAdminTool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsbd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clu.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\dregprint.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\mpsinfo.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmp.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmppath.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\obServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\van.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\versionviewer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\capture.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\comp16.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pcadi.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pspiceexplorersrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pstswp.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\sch2cap.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\SETBROWS.EXE "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\tutorial\\CAPTUTOR.EXE "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\obServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\cdsservipc.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill_g.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\mkdefcfg.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\versiontool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\java.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\javaw.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\jpicpl32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\keytool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\kinit.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\klist.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\ktab.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\orbd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\orbd.exe:*:Enabled:orbd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\policytool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmid.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmiregistry.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\servertool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\tnameserv.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\fvupdateutil.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\gcdin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\idfin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\layout.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\libcat.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\lsession.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxascx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxdxf.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxeco.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxfnetx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxminx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxorcad.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxp99x.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpcadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxprotx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxstrx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxtangx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\mfceco.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\padx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcb2max.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\prcat.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\protx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\searchTool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\setbrows.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\specin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\strx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tangx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tomax.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tomax.exe:*:Enabled:tomax (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tospec.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tospec.exe:*:Enabled:tospec (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\update90.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\update90.exe:*:Enabled:update90 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\batch32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\batch32.exe:*:Enabled:batch32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\sroute.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\sroute.exe:*:Enabled:sroute (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tutorial\\laytutor.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tutorial\\laytutor.exe:*:Enabled:laytutor (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pcb\\bin\\specctra.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pcb\\bin\\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\IndiceFileGeneration.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\Magneticdesigner.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\modeled.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\modeled.exe:*:Enabled:modeled (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\MrkSrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspice.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspice.exe:*:Enabled:pspice (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceaa.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceaa.exe:*:Enabled:pspiceaa (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceexplorersrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\psp_cmd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\psp_cmd.exe:*:Enabled:psp_cmd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simmgr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simmgr.exe:*:Enabled:simmgr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simsrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simsrvr.exe:*:Enabled:simsrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\stmed.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\stmed.exe:*:Enabled:stmed (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\bin\\cdsdocIndexer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\merge.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\mkvdk.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\search.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\setup.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\v_uninst.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\callback.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\filter.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmlini.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmserv.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\index.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jstree.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jvtree.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\kvoop.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\summary.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.com "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.com:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent "
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe "= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword "
    "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe "= "C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe "= "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsdoc.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsinfo.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsmps.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsMsgServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsNameServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRemshClient.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRunHidden.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsUnzip.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdswhich.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsZip.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cds_root.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsAdminTool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsbd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clu.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\dregprint.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\mpsinfo.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmp.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmppath.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\obServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\obServer.exe:*:Enabled:eek:bServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\van.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\versionviewer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\capture.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\comp16.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pcadi.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pspiceexplorersrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pstswp.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\sch2cap.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\SETBROWS.EXE "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\tutorial\\CAPTUTOR.EXE "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\tutorial\\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\obServer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\obServer.exe:*:Enabled:eek:bServer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\cdsservipc.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill_g.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\mkdefcfg.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\versiontool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\java.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\javaw.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\jpicpl32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\keytool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\kinit.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\klist.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\ktab.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\orbd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\orbd.exe:*:Enabled:eek:rbd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\policytool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmid.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmiregistry.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\servertool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\tnameserv.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\fvupdateutil.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\gcdin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\idfin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\layout.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\libcat.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\lsession.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxascx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxdxf.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxeco.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxfnetx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxminx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxorcad.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxp99x.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpcadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxprotx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxstrx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxtangx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\mfceco.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\padx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcadx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcb2max.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\prcat.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\protx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\searchTool.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\setbrows.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\specin.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\strx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tangx.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tomax.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tomax.exe:*:Enabled:tomax (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tospec.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tospec.exe:*:Enabled:tospec (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\update90.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\update90.exe:*:Enabled:update90 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\batch32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\batch32.exe:*:Enabled:batch32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\sroute.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\sroute.exe:*:Enabled:sroute (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tutorial\\laytutor.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tutorial\\laytutor.exe:*:Enabled:laytutor (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pcb\\bin\\specctra.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pcb\\bin\\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\IndiceFileGeneration.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\Magneticdesigner.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\modeled.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\modeled.exe:*:Enabled:modeled (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\MrkSrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspice.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspice.exe:*:Enabled:pspice (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceaa.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceaa.exe:*:Enabled:pspiceaa (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceexplorersrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\psp_cmd.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\psp_cmd.exe:*:Enabled:psp_cmd (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simmgr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simmgr.exe:*:Enabled:simmgr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simsrvr.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simsrvr.exe:*:Enabled:simsrvr (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\stmed.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\stmed.exe:*:Enabled:stmed (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\bin\\cdsdocIndexer.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\bin\\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\merge.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\merge.exe:*:Enabled:merge (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\mkvdk.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\mkvdk.exe:*:Enabled:mkvdk (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\search.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\search.exe:*:Enabled:search (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\setup.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\setup.exe:*:Enabled:setup (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\v_uninst.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\v_uninst.exe:*:Enabled:v_uninst (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\callback.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\callback.exe:*:Enabled:callback (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\filter.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\filter.exe:*:Enabled:filter (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmlini.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmlini.exe:*:Enabled:htmlini (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmserv.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmserv.exe:*:Enabled:htmserv (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\index.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\index.exe:*:Enabled:index (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jstree.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jstree.exe:*:Enabled:jstree (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jvtree.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jvtree.exe:*:Enabled:jvtree (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\kvoop.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\kvoop.exe:*:Enabled:kvoop (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\regsvr32.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\summary.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\summary.exe:*:Enabled:summary (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe:*:Enabled:amovie (OrCAD 10.5 Demo) "
    "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.com "= "C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.com:*:Enabled:specctra (OrCAD 10.5 Demo) "

    Remaining Files :



    Files with Hidden Attributes :

    Sat 17 Nov 2007 23,510,720 A.SHR --- "C:\dotnetfx.exe "
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe "
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe "
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe "
    Tue 23 Sep 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak "
    Tue 23 Sep 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak "
    Sun 9 Nov 2008 20,993 ...H. --- "C:\Documents and Settings\Ray\Local Settings\Temp\csrssc.exe "
    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Ray\Application Data\U3\temp\Launchpad Removal.exe "

    Finished!
     
  11. 2008/11/10
    Schlacko

    That clip_image002 was just a little pic I made to show someone something from chemistry, not sure how it ended up where it did.
    When I ran MoveIt, McAfee alerted me about it removing a bunch of things, like 'fake alert' somethings, it disappeared real fast. Then on reboot it removed 'generic.dx'.

    MoveIt log

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\msiconf.exe not found.
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\winstart.bat moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\ws29393.dll
    C:\WINDOWS\system32\ws29393.dll NOT unregistered.
    C:\WINDOWS\system32\ws29393.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\mws29393.dll
    C:\WINDOWS\system32\mws29393.dll NOT unregistered.
    C:\WINDOWS\system32\mws29393.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\TDSSoiqh.dll
    C:\WINDOWS\system32\TDSSoiqh.dll NOT unregistered.
    C:\WINDOWS\system32\TDSSoiqh.dll moved successfully.
    C:\qnurnd.exe moved successfully.
    C:\WINDOWS\system32\jsne87fidgf.dll NOT unregistered.
    C:\WINDOWS\system32\jsne87fidgf.dll moved successfully.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msiexec.exe deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd\\ deleted successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\mcafee_wgRx6UIDaQWCBX5 scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_HbxosRGod87srPj scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_uH6m70ncu0GhZcn scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\mcmsc_xC85me9QoBDLVFE scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\WFV5.tmp scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_124243

    Files moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
    File C:\WINDOWS\temp\mcafee_wgRx6UIDaQWCBX5 not found!
    File C:\WINDOWS\temp\mcmsc_HbxosRGod87srPj not found!
    File C:\WINDOWS\temp\mcmsc_uH6m70ncu0GhZcn not found!
    File C:\WINDOWS\temp\mcmsc_xC85me9QoBDLVFE not found!
    File C:\WINDOWS\temp\WFV5.tmp not found!

    New RSit log

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Ray at 2008-11-10 12:52:01
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 23 GB (10%) free of 235 GB
    Total RAM: 1022 MB (61% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:52:11 PM, on 11/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Documents and Settings\Ray\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Ray.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071108
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe "
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS1\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS2\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O17 - HKLM\System\CS3\Services\Tcpip\..\{238CA914-AC6E-4376-B3E9-C50F39EB9627}: NameServer = 192.168.1.1,207.69.188.185
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8389 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2007-09-17 8491008]
    "dscactivate "=c:\dell\dsca.exe [2007-07-30 16384]
    "nwiz "=nwiz.exe /install []
    "NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2007-09-17 81920]
    "mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
    "LVCOMS "=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
    "REGSHAVE "=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2008-01-09 16859648]
    "Alcmtr "=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DAEMON Tools Pro Agent "=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
    "Uniblue RegistryBooster 2009 "=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
    "Uniblue RegistryBooster 2 "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2008-05-05 1923352]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater]
    WinUpdater.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
    C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe [2008-09-08 2834432]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ray^Start Menu^Programs^Startup^ipoint.exe]
    []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe

    C:\Documents and Settings\Ray\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "
    "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe "= "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\Warcraft III\Warcraft III.exe "= "C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 "
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe "= "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update "
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe "= "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe:*:Enabled:orbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "
     
  12. 2008/11/10
    Schlacko

    rest of new RSit log

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe "= "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsdoc.exe:*:Enabled:cdsdoc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsinfo.exe:*:Enabled:cdsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsmps.exe:*:Enabled:cdsmps (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRemshClient.exe:*:Enabled:cdsRemshClient (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsRunHidden.exe:*:Enabled:cdsRunHidden (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsUnzip.exe:*:Enabled:cdsUnzip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdswhich.exe:*:Enabled:cdswhich (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsZip.exe:*:Enabled:cdsZip (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cds_root.exe:*:Enabled:cds_root (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsAdminTool.exe:*:Enabled:clsAdminTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clsbd.exe:*:Enabled:clsbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\clu.exe:*:Enabled:clu (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\dregprint.exe:*:Enabled:dregprint (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\mpsinfo.exe:*:Enabled:mpsinfo (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmp.exe:*:Enabled:nmp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\nmppath.exe:*:Enabled:nmppath (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\van.exe:*:Enabled:van (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\bin\versionviewer.exe:*:Enabled:versionviewer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\capture.exe:*:Enabled:capture (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\comp16.exe:*:Enabled:comp16 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pcadi.exe:*:Enabled:pcadi (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pspiceexplorersrvr.exe:*:Enabled:pspiceexplorersrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\pstswp.exe:*:Enabled:pstswp (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\regsvr32.exe:*:Enabled:regsvr32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\sch2cap.exe:*:Enabled:sch2cap (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\SETBROWS.EXE:*:Enabled:SETBROWS (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE "= "C:\OrCAD\OrCAD_10.5_Demo\tools\capture\tutorial\CAPTUTOR.EXE:*:Enabled:CAPTUTOR (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\cdsdocIndexer.exe:*:Enabled:cdsdocIndexer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\cdsdoc\bin\obServer.exe:*:Enabled:obServer (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\cdsservipc.exe:*:Enabled:cdsservipc (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill.exe:*:Enabled:skill (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\dfII\bin\skill_g.exe:*:Enabled:skill_g (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\mkdefcfg.exe:*:Enabled:mkdefcfg (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\fet\bin\versiontool.exe:*:Enabled:versiontool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\javaws-1_2_0_02-windows-i586-i.exe:*:Enabled:javaws-1_2_0_02-windows-i586-i (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\java.exe:*:Enabled:java (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\javaw.exe:*:Enabled:javaw (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\jpicpl32.exe:*:Enabled:jpicpl32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\keytool.exe:*:Enabled:keytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\kinit.exe:*:Enabled:kinit (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\klist.exe:*:Enabled:klist (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\ktab.exe:*:Enabled:ktab (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\orbd.exe:*:Enabled:orbd (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\policytool.exe:*:Enabled:policytool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmid.exe:*:Enabled:rmid (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\rmiregistry.exe:*:Enabled:rmiregistry (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\servertool.exe:*:Enabled:servertool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\jre\bin\tnameserv.exe:*:Enabled:tnameserv (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\fvupdateutil.exe:*:Enabled:fvupdateutil (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\gcdin.exe:*:Enabled:gcdin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\idfin.exe:*:Enabled:idfin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\layout.exe:*:Enabled:layout (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\libcat.exe:*:Enabled:libcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\lsession.exe:*:Enabled:lsession (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxascx.exe:*:Enabled:maxascx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxdxf.exe:*:Enabled:maxdxf (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxeco.exe:*:Enabled:maxeco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxfnetx.exe:*:Enabled:maxfnetx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxminx.exe:*:Enabled:maxminx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxorcad.exe:*:Enabled:maxorcad (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxp99x.exe:*:Enabled:maxp99x (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpadx.exe:*:Enabled:maxpadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxpcadx.exe:*:Enabled:maxpcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxprotx.exe:*:Enabled:maxprotx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxstrx.exe:*:Enabled:maxstrx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\maxtangx.exe:*:Enabled:maxtangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\mfceco.exe:*:Enabled:mfceco (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\padx.exe:*:Enabled:padx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcadx.exe:*:Enabled:pcadx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\pcb2max.exe:*:Enabled:pcb2max (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\prcat.exe:*:Enabled:prcat (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\protx.exe:*:Enabled:protx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\searchTool.exe:*:Enabled:searchTool (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\setbrows.exe:*:Enabled:setbrows (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\specin.exe:*:Enabled:specin (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\strx.exe:*:Enabled:strx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tangx.exe:*:Enabled:tangx (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tomax.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tomax.exe:*:Enabled:tomax (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tospec.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tospec.exe:*:Enabled:tospec (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\update90.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\update90.exe:*:Enabled:update90 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\batch32.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\batch32.exe:*:Enabled:batch32 (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\sroute.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\sroute\sroute.exe:*:Enabled:sroute (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tutorial\laytutor.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\layout\tutorial\laytutor.exe:*:Enabled:laytutor (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pcb\bin\specctra.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pcb\bin\specctra.exe:*:Enabled:specctra (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\IndiceFileGeneration.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\IndiceFileGeneration.exe:*:Enabled:IndiceFileGeneration (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\Magneticdesigner.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\Magneticdesigner.exe:*:Enabled:Magneticdesigner (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\modeled.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\modeled.exe:*:Enabled:modeled (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\MrkSrvr.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\MrkSrvr.exe:*:Enabled:MrkSrvr (OrCAD 10.5 Demo) "
    "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\pspice.exe "= "C:\OrCAD\OrCAD_10.5_Demo\tools\pspice\pspice.exe:*:Enabled:pspice (OrCAD 10.5 Demo) "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{527ecff9-90a9-11dc-8500-001aa09c7908}]
    shell\AutoRun\command - G:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2008-11-10 12:43:05 ----A---- C:\WINDOWS\system32\tdssl.dll
    2008-11-10 12:42:43 ----D---- C:\_OTMoveIt
    2008-11-09 22:01:16 ----D---- C:\WINDOWS\ERDNT
    2008-11-09 22:00:52 ----D---- C:\Program Files\ERUNT
    2008-11-09 17:50:17 ----D---- C:\rsit
    2008-11-09 17:27:16 ----D---- C:\Documents and Settings\Ray\Application Data\Malwarebytes
    2008-11-09 17:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-11-09 17:27:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-09 11:17:41 ----D---- C:\WINDOWS\ERUNT
    2008-11-09 11:16:53 ----D---- C:\SDFix
    2008-11-08 11:27:02 ----D---- C:\Program Files\Greatis
    2008-11-08 10:52:21 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-11-08 00:34:06 ----D---- C:\Program Files\MSVideoPlugin
    2008-11-07 23:25:47 ----D---- C:\Program Files\Exterminate It!
    2008-11-07 22:13:20 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-11-07 21:14:05 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    2008-11-07 21:12:44 ----D---- C:\WINDOWS\system32\XPSViewer
    2008-11-07 21:12:39 ----D---- C:\Program Files\MSBuild
    2008-11-07 21:12:29 ----D---- C:\Program Files\Reference Assemblies
    2008-11-07 21:08:27 ----D---- C:\Documents and Settings\Ray\Application Data\WinBatch
    2008-11-07 21:08:05 ----A---- C:\WINDOWS\system32\ChCfg.exe
    2008-11-07 21:07:22 ----D---- C:\Program Files\Realtek
    2008-11-07 21:07:20 ----A---- C:\WINDOWS\RtlExUpd.dll
    2008-11-07 21:07:20 ----A---- C:\WINDOWS\HideWin.exe
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\xpssvcs.dll
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
    2008-11-07 20:57:15 ----N---- C:\WINDOWS\system32\prntvpt.dll
    2008-11-07 20:57:14 ----D---- C:\2751ec6fae986f5f6d894f9f7375a6ae
    2008-11-07 20:56:41 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-07 20:48:03 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2008-11-07 20:47:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
    2008-11-07 20:45:53 ----D---- C:\5fed41e3604af86fcd346bd3e7e5605c
    2008-11-07 20:45:47 ----RHD---- C:\AHCache
    2008-11-07 20:45:39 ----D---- C:\eb06fbdb3574a816b6407323
    2008-11-07 18:49:42 ----D---- C:\Program Files\Panda Security
    2008-11-07 15:50:10 ----D---- C:\Program Files\Uniblue
    2008-11-07 15:43:32 ----D---- C:\Documents and Settings\Ray\Application Data\Uniblue
    2008-11-05 11:27:36 ----D---- C:\Documents and Settings\Ray\Application Data\Red Alert 3
    2008-11-05 11:04:41 ----D---- C:\Program Files\Electronic Arts
    2008-11-03 15:21:40 ----D---- C:\Documents and Settings\Ray\Application Data\PRODEGETOOLBAR641
    2008-10-30 21:53:20 ----D---- C:\Program Files\Firaxis Games
    2008-10-27 00:08:44 ----D---- C:\Capitalism II
    2008-10-25 23:49:00 ----D---- C:\Documents and Settings\Ray\Application Data\My Games
    2008-10-25 22:55:42 ----D---- C:\Program Files\gBurner
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-10-25 19:23:35 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2008-10-25 19:23:34 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2008-10-25 19:23:33 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2008-10-25 19:23:32 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2008-10-25 19:23:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2008-10-25 19:23:29 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-10-25 19:23:28 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2008-10-25 19:23:28 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-10-25 19:23:27 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2008-10-25 19:22:41 ----D---- C:\WINDOWS\Logs
    2008-10-25 19:20:36 ----D---- C:\WINDOWS\system32\AGEIA
    2008-10-25 19:20:33 ----D---- C:\Program Files\AGEIA Technologies
    2008-10-24 13:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-24 12:40:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-23 21:10:18 ----D---- C:\Program Files\Common Files\DirectX
    2008-10-23 09:49:45 ----D---- C:\Program Files\Codemasters
    2008-10-15 16:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 16:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 16:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 16:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 16:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 1 months======

    2008-11-10 12:52:03 ----D---- C:\WINDOWS\Temp
    2008-11-10 12:51:10 ----D---- C:\WINDOWS\Prefetch
    2008-11-10 12:44:38 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-11-10 12:44:28 ----D---- C:\WINDOWS
    2008-11-10 12:43:38 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-10 12:43:07 ----D---- C:\WINDOWS\system32
    2008-11-10 12:42:43 ----SD---- C:\WINDOWS\Tasks
    2008-11-10 12:31:02 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-10 12:22:55 ----D---- C:\Documents and Settings\Ray\Application Data\uTorrent
    2008-11-10 01:18:39 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-10 00:59:25 ----D---- C:\Program Files\mIRC
    2008-11-09 22:27:19 ----D---- C:\Program Files\Microsoft IntelliPoint
    2008-11-09 22:27:13 ----HD---- C:\WINDOWS\inf
    2008-11-09 22:27:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-09 22:27:11 ----D---- C:\WINDOWS\system32\drivers
    2008-11-09 22:26:25 ----SHD---- C:\WINDOWS\Installer
    2008-11-09 22:15:59 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-09 22:00:52 ----D---- C:\Program Files
    2008-11-09 20:20:40 ----SHD---- C:\WINDOWS\system32\dllcache
    2008-11-09 20:20:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-11-08 20:47:38 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-08 20:47:17 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
    2008-11-08 18:41:29 ----RSH---- C:\boot.ini
    2008-11-08 18:41:29 ----A---- C:\WINDOWS\win.ini
    2008-11-08 18:41:29 ----A---- C:\WINDOWS\system.ini
    2008-11-08 00:45:30 ----D---- C:\School
    2008-11-07 21:28:55 ----RSD---- C:\WINDOWS\assembly
    2008-11-07 21:26:20 ----D---- C:\WINDOWS\Microsoft.NET
    2008-11-07 21:17:16 ----D---- C:\i386
    2008-11-07 21:13:42 ----D---- C:\WINDOWS\WinSxS
    2008-11-07 21:13:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-07 21:12:37 ----D---- C:\WINDOWS\system32\en-US
    2008-11-07 21:12:35 ----RSD---- C:\WINDOWS\Fonts
    2008-11-07 21:08:05 ----D---- C:\WINDOWS\system32\RTCOM
    2008-11-07 21:07:22 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-07 21:04:37 ----D---- C:\Program Files\Intel
    2008-11-07 20:57:42 ----D---- C:\WINDOWS\system32\spool
    2008-11-07 20:53:06 ----D---- C:\Program Files\Internet Explorer
    2008-11-07 20:48:13 ----D---- C:\WINDOWS\system32\config
    2008-11-07 18:49:27 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-07 16:42:46 ----SHD---- C:\RECYCLER
    2008-11-06 23:35:19 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-11-05 11:04:41 ----D---- C:\WINDOWS\system32\DirectX
    2008-10-25 19:23:16 ----HD---- C:\WINDOWS\msdownld.tmp
    2008-10-25 19:20:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-24 14:03:37 ----D---- C:\Program Files\Microsoft Silverlight
    2008-10-24 13:38:51 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-24 12:42:07 ----D---- C:\Documents and Settings\Ray\Application Data\Google
    2008-10-24 12:41:23 ----D---- C:\Program Files\Google
    2008-10-23 21:10:18 ----D---- C:\Program Files\Common Files
    2008-10-23 10:29:50 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
    2008-10-22 00:33:27 ----D---- C:\temp
    2008-10-21 21:52:11 ----D---- C:\Audio1
    2008-10-21 20:37:10 ----D---- C:\Audio
    2008-10-15 16:49:44 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-14 01:28:09 ----SD---- C:\Documents and Settings\Ray\Application Data\Microsoft

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
    R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-11-07 8552]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
    R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-06 242320]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-15 4652544]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-09-17 6853088]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
    S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    S3 adqlvfxy;adqlvfxy; C:\WINDOWS\system32\drivers\adqlvfxy.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\Ray\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 10254]
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
    S3 o1394bul;o1394bul; \??\C:\DOCUME~1\Ray\LOCALS~1\Temp\o1394bul.sys []
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 220079]
    S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys []
    S3 RegGuard;RegGuard; \??\C:\WINDOWS\system32\Drivers\regguard.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 168432]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-06-21 792184]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-09-17 155716]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-06-20 605512]
    S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-10 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  13. 2008/11/10
    Aaflac

    Please provide the status on:
    -The mouse
    -The keyboard
    -Wallpaper not showing up
    -Can't go to Regedit
     
  14. 2008/11/11
    Schlacko

    Mouse is acting like it's been acting; randomly stops working, sometimes just for a couple seconds, sometimes I have to unplug it and plug it back in. I've tried switching back and forth from having its up-to-date software and not having it, neither fixes the problem.

    Keyboard is all good, wallpaper is all good, regedit has been functional since I did the HJT fixes.

    Remaining problems are mouse and inconsistent internet, which might not be symptoms from malware/virii, I don't know, the mouse is probably just kinda old, but the internet is definitely suspicious. You're the man btw, thanks so much for all your help and effort.
     
  15. 2008/11/11
    Aaflac

    Is your mouse an Intellimouse series?


    Please do the following:

    Go to Start > Run, type in msconfig
    In msconfig go to the Boot.ini tab
    Check: /Bootlog
    Press: Apply and then: OK
    Restart the computer

    Now, search for and delete C:\Windows\ntbtlog.txt
    Restart the computer once again
    Begin tapping the F8 key on startup to enable the Advanced Start Menu
    Select: Enable Boot Logging from the list

    Once you are logged on, navigate to and open C:\Windows\ntbtlog.txt

    1. --> Please post the contents of C:\Windows\ntbtlog.txt

    ~~~~
    Now, download GMER
    Save it to the Desktop.

    Right click on gmer.zip and select Extract All....
    Follow the prompts.

    Double click on gmer.exe to run it. (Note: Do not run any programs while GMER is running.)
    Select the Rootkit tab
    On the right hand side, check all the items to be scanned, but uncheck Show All
    Select all drives to scan
    Click on the Scan button.

    2. --> Please save the GMER scan log and post it in your reply.

    Close: GMER
     
  16. 2008/11/12
    Schlacko

    Another thing I meant to mention, and it looks like it didn't keep me from doing what you said, like I thought it would...when I go into MSConfig and change something, mostly startup stuff is what I would configure, any time I try to apply a change it says "An Access denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes." It said this when I applied the /bootlog thing.
    Yes, my mouse is an Intellimouse Explorer 3.0. Here's the ntbtlog.txt

    Loaded driver \SystemRoot\system32\drivers\mfesmfk.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Service Pack 311 12 2008 22:51:48.375
    Loaded driver \WINDOWS\system32\ntkrnlpa.exe
    Loaded driver \WINDOWS\system32\hal.dll
    Loaded driver \WINDOWS\system32\KDCOM.DLL
    Loaded driver \WINDOWS\system32\BOOTVID.dll
    Loaded driver sptd.sys
    Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
    Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
    Loaded driver ACPI.sys
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver pciide.sys
    Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver PartMgr.sys
    Loaded driver pavboot.sys
    Loaded driver VolSnap.sys
    Loaded driver atapi.sys
    Loaded driver iaStor.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltmgr.sys
    Loaded driver sr.sys
    Loaded driver DRVMCDB.SYS
    Loaded driver PxHelp20.sys
    Loaded driver KSecDD.sys
    Loaded driver Ntfs.sys
    Loaded driver NDIS.sys
    Loaded driver Mup.sys
    Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys
    Loaded driver \SystemRoot\system32\DRIVERS\e1e5132.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSF_DP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
    Loaded driver \SystemRoot\System32\Drivers\DLACDBHM.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
    Loaded driver \SystemRoot\System32\Drivers\aqeiufqm.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
    Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
    Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
    Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
    Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\system32\DRIVERS\update.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
    Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys
    Loaded driver \SystemRoot\system32\drivers\RtkHDAud.sys
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
    Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Loaded driver \SystemRoot\System32\Drivers\DLARTL_M.SYS
    Did not load driver \SystemRoot\system32\DRIVERS\i8042prt.sys
    Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
    Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    Loaded driver \SystemRoot\System32\Drivers\Mpfp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\System32\drivers\afd.sys
    Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
    Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Loaded driver \SystemRoot\System32\Drivers\SCDEmu.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\drivers\mfehidk.sys
    Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
    Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\System32\Drivers\DRVNDDM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLADResM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAIFS_M.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAOPIOM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAPoolM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLABMFSM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLABOIOM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAUDFAM.SYS
    Loaded driver \SystemRoot\System32\DLA\DLAUDF_M.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
    Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
    Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
    Loaded driver \SystemRoot\System32\Drivers\ASCTRM.SYS
    Loaded driver \SystemRoot\System32\Drivers\Aspi32.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\dsunidrv.sys
    Loaded driver \SystemRoot\System32\Drivers\MASPINT.SYS
    Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
    Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
    Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
    Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    Did not load driver \??\C:\Nexon\MapleStory\npkcrypt.sys
    Did not load driver \??\C:\WINDOWS\system32\drivers\PfModNT.sys
    Loaded driver \SystemRoot\system32\drivers\splitter.sys
    Loaded driver \SystemRoot\system32\drivers\aec.sys
    Loaded driver \SystemRoot\system32\drivers\swmidi.sys
    Loaded driver \SystemRoot\system32\drivers\DMusic.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
    Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\system32\drivers\mfebopk.sys
    Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\drivers\mfeavfk.sys
     
  17. 2008/11/12
    Schlacko

    gmer.log
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-11-12 23:22:42
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwCreateKey [0xF73680D0]
    SSDT sptd.sys ZwEnumerateKey [0xF736DFB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xF736E340]
    SSDT sptd.sys ZwOpenKey [0xF73680B0]
    SSDT sptd.sys ZwQueryKey [0xF736E418]
    SSDT sptd.sys ZwQueryValueKey [0xF736E298]
    SSDT sptd.sys ZwSetValueKey [0xF736E4AA]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF224C9CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF224C978]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF224C98C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF224CA7B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF224CAA7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF224CA0A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF224CB41]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF224C950]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF224C964]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF224C9DE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF224CAE9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF224CA91]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF224CB69]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF224CB55]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF224C9B6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF224C9A2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF224CA39]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF224CB2B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF224CA20]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF224C9F4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.14 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F60CD8AC 5 Bytes JMP 86F991C8
    ? System32\Drivers\aqeiufqm.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.14 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[364] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00050FEF
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00050F86
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00050F97
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00050FB2
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0005006F
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00050FCD
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000500B3
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00050F6B
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00050F3F
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00050F5A
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00050F24
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0005005E
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0005000A
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00050096
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0005002F
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00050FDE
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000500CE
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00040047
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00040F9B
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00040036
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00040025
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00040FB6
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0004000A
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00040FD1
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 24, 88 ]
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00040058
    .text C:\WINDOWS\system32\services.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F6000A
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F600A7
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F60FA8
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F60FB9
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F60FCA
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60051
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F60F7C
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F600C4
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F60F2B
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F60F46
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F60F1A
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F60062
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F6001B
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F60F8D
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F60FE5
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F60036
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F60F57
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E40FB9
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E40F79
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E40FCA
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E40FE5
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E40036
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E40000
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E40F94
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 04, 89 ]
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E40025
    .text C:\WINDOWS\system32\lsass.exe[892] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70FE5
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F7000A
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F55
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F7004A
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F7C
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70F8D
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70039
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F3A
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70076
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70F04
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F7009D
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00F70EF3
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00F70FB2
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F70FEF
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00F7005B
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00F70FC3
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00F70FDE
    .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00F70F1F
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00F60000
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00F60F7C
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00F60FB9
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00F60FD4
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00F60039
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00F60FEF
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00F60F8D
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 16, 89 ]
    .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00F60F9E
    .text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80FE5
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD0000
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0051
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0F5C
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F77
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0F94
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0FD4
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0093
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD006C
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F15
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD00AE
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F04
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0FB9
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD001B
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD0F41
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0FE5
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD002C
    .text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD0F30
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CC0FD4
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CC0FB2
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CC0025
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CC0FE5
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CC0FC3
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CC0000
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00CC0065
    .text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CC0040
    .text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F8B
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B80080
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80065
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80FA8
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80FC3
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F70
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B800B6
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B800E4
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B800D3
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B80F30
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B8004A
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B8000A
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B8009B
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B80039
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B80FDE
    .text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B80F55
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B70FB6
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B70058
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B70FD1
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B70011
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B70047
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B70000
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00B70036
    .text C:\WINDOWS\system32\svchost.exe[1244] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B70FA5
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0298000A
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02980F6A
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02980F7B
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02980F96
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0298005F
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0298003D
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0298008B
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0298007A
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02980F1E
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 029800B7
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 029800D2
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0298004E
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0298001B
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02980F4F
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02980FD1
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0298002C
    .text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0298009C

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7368AD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7368C1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7368B9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7369748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F736961E] sptd.sys

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 871D11E8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 86F8C1E8
    Device \Driver\usbuhci \Device\USBPDO-1 86F8C1E8
    Device \Driver\usbuhci \Device\USBPDO-2 86F8C1E8
    Device \Driver\usbehci \Device\USBPDO-3 86F583F0
    Device \Driver\usbehci \Device\USBPDO-4 86F583F0


    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-5 86F8C1E8
    Device \Driver\usbuhci \Device\USBPDO-6 86F8C1E8
    Device \Driver\usbuhci \Device\USBPDO-7 86F8C1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 871D31E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 871D31E8
    Device \Driver\Cdrom \Device\CdRom0 86EED1E8
    Device \Driver\Cdrom \Device\CdRom1 86EED1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 871D31E8
    Device \Driver\Cdrom \Device\CdRom2 86EED1E8
    Device \Driver\PCI_NTPNP8582 \Device\0000004f sptd.sys

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 86F8C1E8
    Device \Driver\usbuhci \Device\USBFDO-1 86F8C1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86940790
    Device \Driver\usbuhci \Device\USBFDO-2 86F8C1E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86940790
    Device \Driver\usbehci \Device\USBFDO-3 86F583F0
    Device \Driver\usbuhci \Device\USBFDO-4 86F8C1E8
    Device \Driver\Ftdisk \Device\FtControl 871D31E8
    Device \Driver\usbuhci \Device\USBFDO-5 86F8C1E8
    Device \Driver\usbuhci \Device\USBFDO-6 86F8C1E8
    Device \Driver\usbehci \Device\USBFDO-7 86F583F0
    Device \Driver\aqeiufqm \Device\Scsi\aqeiufqm1Port4Path0Target0Lun0 86EE21E8
    Device \Driver\aqeiufqm \Device\Scsi\aqeiufqm1 86EE21E8
    Device \Driver\aqeiufqm \Device\Scsi\aqeiufqm1Port4Path0Target1Lun0 86EE21E8
    Device \FileSystem\Fastfat \Fat 869322A8
    Device \FileSystem\Fastfat \Fat B8C2D297

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs 86E3C790
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    continued on next post
     
  18. 2008/11/12
    Schlacko

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x4C 0xD1 0xEE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x05 0xA0 0xB8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x47 0x58 0xF4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB8 0x75 0x99 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x4C 0xD1 0xEE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x05 0xA0 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0x47 0x58 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB8 0x75 0x99 0xBA ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x17 0x4C 0xD1 0xEE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA7 0x9C 0x62 0x21 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA3 0x92 0x94 0xEF ...

    ---- EOF - GMER 1.0.14 ----
     
  19. 2008/11/14
    Aaflac

    My apology for the delay...:eek:

    McAfee’s Total Protection may be responsible for the MSConfig issue.
    Try temporarily disabling McAfee, and see if it works.

    Let’s see if Kaspersky picks up any infected files. There is no option to clean/disinfect, however, we can analyze the information on the report and determine whether further action is needed.


    Please close all windows, and temporarily turn off the real time scanner of your antivirus program.
    Then, use Internet Explorer, and do an online scan with Kaspersky WebScanner
    Click: Scan Now
    Then click: Accept
    The program launches and downloads the latest definition files.
    • Once the files are downloaded, click on: Next
    • Under select a target to scan, select: My Computer
    When the scan is done, any infection is displayed.
    • Click on: View scan report
    To obtain the report:
    Click on: Save Report As

    Next, in the Save as prompt, Save in area, select: Desktop

    In the File name area, use KScan, or something similar

    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save

    ~~~~
    Please provide the contents of the Kaspersky Online Scanner report in your reply.
     
  20. 2008/11/16
    Schlacko

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, November 16, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, November 15, 2008 22:50:37
    Records in database: 1386277
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 210012
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 11:18:10


    File name / Threat name / Threats count
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
    C:\_OTMoveIt\MovedFiles\11102008_124243\WINDOWS\system32\mws29393.dll Infected: Trojan.Win32.BHO.hxp 1
    C:\_OTMoveIt\MovedFiles\11102008_124243\WINDOWS\system32\ws29393.dll Infected: Trojan.Win32.BHO.hxp 1

    The selected area was scanned.
     
  21. 2008/11/17
    Aaflac

    GMER did not point to any Rootkit infection.

    Have you tried using a different mouse?

    Did you temporarily disable McAfee and try to make MSConfig changes?

    Are you still having Internet problems (inconsistent internet)?
     
