Solved Log files for review

Xd23bgt · 2011/05/04

[Resolved] Log files for review

I have a PC running Vista SP2 with an Intel Core 2 Duo processor, 4 GB RAM, ATI HD2600, and 2 400GB hard drives set up as a RAID 1 (mirror), partitioned into C & D drives. From time to time, SpySweeper pops up to tell me it has blocked access to a certain website, even though I have no web browsers open. Iâ€™d like some help to make sure my PC is not infected.

Based on your posting rules, I ran all the diagnostics you requested. Here are my results:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6502

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/3/2011 10:56:05 PM
mbam-log-2011-05-03 (22-56-05).txt

Scan type: Quick scan
Objects scanned: 150919
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-05-04 12:38:28
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Scsi\fttxr52P1Port6Path0Target0Lun0 Promise_ rev.1.10
Running: 083pbffz.exe; Driver: C:\Users\GOLIATH\AppData\Local\Temp\uxddypob.sys

---- System - GMER 1.0.15 ----

SSDT BD88B120 ZwAlertResumeThread
SSDT BE0A1348 ZwAlertThread
SSDT BE35D840 ZwAllocateVirtualMemory
SSDT BC953618 ZwAlpcConnectPort
SSDT BD994120 ZwAssignProcessToJobObject
SSDT BE38D880 ZwCreateMutant
SSDT BA4F2FA8 ZwCreateProcess
SSDT BA4F2DA0 ZwCreateProcessEx
SSDT BE392658 ZwCreateSymbolicLinkObject
SSDT BE35C350 ZwCreateThread
SSDT BD992068 ZwDebugActiveProcess
SSDT BE35DA58 ZwDuplicateObject
SSDT BE35D1E0 ZwFreeVirtualMemory
SSDT BD890120 ZwImpersonateAnonymousToken
SSDT BD928110 ZwImpersonateThread
SSDT BD8B6230 ZwLoadDriver
SSDT BE35D0C0 ZwMapViewOfSection
SSDT BD893110 ZwOpenEvent
SSDT BE35E008 ZwOpenProcess
SSDT BD905110 ZwOpenProcessToken
SSDT BDA75068 ZwOpenSection
SSDT BE35DB68 ZwOpenThread
SSDT BE3914B8 ZwProtectVirtualMemory
SSDT BA4F2968 ZwQueueApcThread
SSDT BA4F2800 ZwReadVirtualMemory
SSDT BD91B068 ZwResumeThread
SSDT BD90F110 ZwSetContextThread
SSDT BE35EE70 ZwSetInformationProcess
SSDT BA4F2AD0 ZwSetInformationThread
SSDT BD98F380 ZwSetSystemInformation
SSDT BD9A1068 ZwSuspendProcess
SSDT BD9148D8 ZwSuspendThread
SSDT BD8FA118 ZwTerminateProcess
SSDT BD91C110 ZwTerminateThread
SSDT BD90C110 ZwUnmapViewOfSection
SSDT BE35D4F0 ZwWriteVirtualMemory
SSDT BE392BA8 ZwCreateThreadEx
SSDT BA4F2788 ZwCreateUserProcess

INT 0x51 ? BBB23A50
INT 0x52 ? BB97B7D0
INT 0x62 ? BBB23550
INT 0x72 ? BB97BCD0
INT 0x82 ? B9B50CD0
INT 0x92 ? BA5232D0
INT 0xA0 ? B9B502D0
INT 0xA2 ? B9B50A50
INT 0xB0 ? BBB232D0
INT 0xB1 ? BA523CD0
INT 0xB2 ? B9B50550

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D E26F08A0 8 Bytes [20, B1, 88, BD, 48, 13, 0A, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 E26F08B4 4 Bytes [40, D8, 35, BE]
.text ntkrnlpa.exe!KeSetEvent + 13D E26F08C0 4 Bytes [18, 36, 95, BC]
.text ntkrnlpa.exe!KeSetEvent + 191 E26F0914 4 Bytes [20, 41, 99, BD]
.text ntkrnlpa.exe!KeSetEvent + 1F5 E26F0978 4 Bytes [80, D8, 38, BE]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xC5605000, 0x37D761, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xEE26A300, 0x3ACC8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xEE2AD300, 0x1B7E, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74867817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7486BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7485F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7485E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74898395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7486DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7485FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7485FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7488C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7485D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74856853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7485687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74862AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer: Anhoch
System Product Name: GoliathXD 785A
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 188):
0xE2644000 \SystemRoot\system32\ntkrnlpa.exe
0xE2611000 \SystemRoot\system32\hal.dll
0xBFC0D000 \SystemRoot\system32\kdcom.dll
0xBFC14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0xBFC84000 \SystemRoot\system32\PSHED.dll
0xBFC95000 \SystemRoot\system32\BOOTVID.dll
0xBFC9D000 \SystemRoot\system32\CLFS.SYS
0xBFCDE000 \SystemRoot\system32\CI.dll
0xBFE0E000 \SystemRoot\system32\drivers\Wdf01000.sys
0xBFE7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0xBFE8D000 \SystemRoot\system32\drivers\acpi.sys
0xBFED3000 \SystemRoot\system32\drivers\WMILIB.SYS
0xBFEDC000 \SystemRoot\system32\drivers\msisadrv.sys
0xBFEE4000 \SystemRoot\system32\drivers\pci.sys
0xBFF0B000 \SystemRoot\System32\drivers\partmgr.sys
0xBFF1A000 \SystemRoot\system32\DRIVERS\sshrmd.sys
0xBFF23000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys
0xBFF2E000 \SystemRoot\system32\DRIVERS\ssidrv.sys
0xBFF5C000 \SystemRoot\system32\DRIVERS\msrpc.sys
0xBFF87000 \SystemRoot\system32\DRIVERS\NETIO.SYS
0xC100F000 \SystemRoot\system32\DRIVERS\NDIS.SYS
0xC111A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xC1125000 \SystemRoot\system32\drivers\volmgr.sys
0xC1134000 \SystemRoot\System32\drivers\volmgrx.sys
0xC117E000 \SystemRoot\system32\drivers\intelide.sys
0xC1185000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0xC1193000 \SystemRoot\system32\drivers\pciide.sys
0xC119A000 \SystemRoot\System32\drivers\mountmgr.sys
0xC11AA000 \SystemRoot\system32\drivers\atapi.sys
0xC11B2000 \SystemRoot\system32\drivers\ataport.SYS
0xC11D0000 \SystemRoot\system32\drivers\fttxr52p.sys
0xBFFC2000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0xBFDBE000 \SystemRoot\system32\DRIVERS\Si3132r5.sys
0xC120A000 \SystemRoot\system32\drivers\fltmgr.sys
0xC123C000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMDS.SYS
0xC1292000 \SystemRoot\system32\drivers\fileinfo.sys
0xC12A2000 \SystemRoot\system32\DRIVERS\Lbd.sys
0xC12B1000 \SystemRoot\system32\drivers\NIS\1108000.005\SYMEFA.SYS
0xC12DE000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0xC12E1000 \SystemRoot\System32\Drivers\ksecdd.sys
0xC1408000 \SystemRoot\System32\drivers\tcpip.sys
0xC14F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0xC1604000 \SystemRoot\System32\Drivers\Ntfs.sys
0xC1714000 \SystemRoot\system32\drivers\volsnap.sys
0xC174D000 \SystemRoot\System32\Drivers\spldr.sys
0xC1755000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0xC1757000 \SystemRoot\System32\Drivers\mup.sys
0xC1766000 \SystemRoot\System32\drivers\ecache.sys
0xC178D000 \SystemRoot\system32\drivers\disk.sys
0xC179E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0xC17BF000 \SystemRoot\system32\drivers\crcdisk.sys
0xC17DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0xC17EA000 \SystemRoot\system32\DRIVERS\SMBios.sys
0xC17F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xC153B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xC154A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0xC5604000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0xC1352000 \SystemRoot\System32\drivers\dxgkrnl.sys
0xC5D8A000 \SystemRoot\System32\drivers\watchdog.sys
0xC5E0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xC5E99000 \SystemRoot\system32\DRIVERS\HECI.sys
0xC5EA4000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0xC5EDC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xC5EE7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xC5F25000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xC5F34000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xC5F4C000 \SystemRoot\system32\drivers\ctaud2k.sys
0xC5FCB000 \SystemRoot\system32\drivers\portcls.sys
0xC5D96000 \SystemRoot\system32\drivers\drmk.sys
0xC5DBB000 \SystemRoot\system32\drivers\ks.sys
0xC1589000 \SystemRoot\system32\drivers\ctoss2k.sys
0xC5FF8000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xC5DE5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0xC15BE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0xC5E00000 \SystemRoot\system32\DRIVERS\fdc.sys
0xC15CC000 \SystemRoot\system32\DRIVERS\parport.sys
0xC15E4000 \SystemRoot\system32\DRIVERS\serial.sys
0xC5DF5000 \SystemRoot\system32\DRIVERS\serenum.sys
0xC13F2000 \SystemRoot\system32\DRIVERS\intelsmb.sys
0xBFFE8000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0xC6201000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0xC6230000 \SystemRoot\system32\DRIVERS\storport.sys
0xC6271000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xC6288000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xC6293000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xC62B6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xC62C5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xC62D9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xC62EE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xC62FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xC6309000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xC6314000 \SystemRoot\system32\DRIVERS\swenum.sys
0xC6316000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xC6320000 \SystemRoot\system32\DRIVERS\umbus.sys
0xC632D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xCA808000 \SystemRoot\system32\drivers\ha20x2k.sys
0xCA92B000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xCA935000 \SystemRoot\system32\drivers\emupia2k.sys
0xCA965000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xCA976000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xC6362000 \SystemRoot\system32\drivers\ctac32k.sys
0xCA99F000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xCA9B4000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xCAA0E000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xCAB55000 \SystemRoot\system32\drivers\AtihdLH3.sys
0xCAB70000 \SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS
0xCABC7000 \SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS
0xCABE6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xCABFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xCAA00000 \SystemRoot\system32\DRIVERS\dc3d.sys
0xCA9E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xCA9E7000 \SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS
0xCA9F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xCC400000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xCC410000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xCC56C000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xCC574000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0xCC599000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xCC5B5000 \SystemRoot\system32\DRIVERS\point32k.sys
0xCC5C0000 \SystemRoot\system32\DRIVERS\V0260Vid.sys
0xCC5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xCC5EF000 \SystemRoot\System32\Drivers\Null.SYS
0xCC5F6000 \SystemRoot\System32\Drivers\Beep.SYS
0xC1000000 \SystemRoot\System32\drivers\vga.sys
0xD1409000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xD142A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xD1432000 \SystemRoot\system32\drivers\rdpencdd.sys
0xD143A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xD1445000 \SystemRoot\System32\Drivers\Npfs.SYS
0xD1453000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xD145C000 \SystemRoot\system32\DRIVERS\tdx.sys
0xD1472000 \SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
0xD14CB000 \SystemRoot\system32\DRIVERS\smb.sys
0xD14DF000 \SystemRoot\system32\drivers\afd.sys
0xD1527000 \SystemRoot\System32\DRIVERS\netbt.sys
0xD1559000 \SystemRoot\system32\DRIVERS\pacer.sys
0xD156F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xD157D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xD1590000 \??\C:\Windows\system32\Drivers\vmm.sys
0xD6E01000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xD6E3D000 \SystemRoot\system32\drivers\nsiproxy.sys
0xD6E47000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110502.001\IDSvix86.sys
0xD6EA2000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xD6F00000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xD6F1D000 \SystemRoot\System32\Drivers\dfsc.sys
0xD6F34000 \SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys
0xD7C08000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys
0xD7CD0000 \SystemRoot\System32\Drivers\crashdmp.sys
0xD7CDD000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xD7CE7000 \SystemRoot\System32\Drivers\dump_fttxr52P.sys
0xE6200000 \SystemRoot\System32\win32k.sys
0xD7D15000 \SystemRoot\System32\drivers\Dxapi.sys
0xD7D1F000 \SystemRoot\system32\DRIVERS\monitor.sys
0xE6420000 \SystemRoot\System32\TSDDD.dll
0xE6440000 \SystemRoot\System32\cdd.dll
0xD7D2E000 \SystemRoot\system32\drivers\luafv.sys
0xD7D49000 \SystemRoot\system32\drivers\WudfPf.sys
0xEB60F000 \SystemRoot\system32\drivers\spsys.sys
0xEB6BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xEB6CF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xEB6F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEB703000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xEB716000 \SystemRoot\system32\drivers\HTTP.sys
0xEB783000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xEB7A0000 \SystemRoot\system32\DRIVERS\bowser.sys
0xEB7B9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xEB7CE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xD7D6B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xD7DA4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xD7DBC000 \SystemRoot\System32\DRIVERS\srv2.sys
0xEE207000 \SystemRoot\System32\DRIVERS\srv.sys
0xEE256000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xEE25F000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xEE266000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xEE26A000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xEE2AD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xEE2B2000 \??\C:\Windows\system32\drivers\osaio.sys
0xEE2B5000 \SystemRoot\system32\drivers\peauth.sys
0xEE393000 \SystemRoot\System32\Drivers\secdrv.SYS
0xEE39D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xEE3A9000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xEE3BF000 \SystemRoot\system32\drivers\tdtcp.sys
0xEE3CA000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xD6FB3000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xCC419000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110504.002\NAVEX15.SYS
0xEE3D6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110504.002\NAVENG.SYS
0xD7DE4000 \??\C:\Users\GOLIATH\AppData\Local\Temp\uxddypob.sys
0x77AC0000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
596 csrss.exe
668 C:\Windows\System32\wininit.exe
676 csrss.exe
724 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
944 C:\Windows\System32\svchost.exe
988 C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
1020 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\atiesrxx.exe
1232 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\audiodg.exe
1380 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1392 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1436 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\atieclxx.exe
1828 C:\Windows\System32\svchost.exe
288 C:\Windows\System32\spoolsv.exe
324 C:\Windows\System32\svchost.exe
332 C:\Windows\System32\taskeng.exe
1824 C:\HARDWARE\INTEL\IDU\iduServ.exe
1552 C:\Windows\System32\svchost.exe
768 C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccsvchst.exe
2080 C:\Windows\System32\svchost.exe
2092 C:\Windows\System32\PnkBstrA.exe
2116 C:\HARDWARE\PROMISE\WebPAM\jetty\extra\win32\Wrapper.exe
2156 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2264 C:\HARDWARE\SYBA\3132-W-R\SATARaid5ConfigService.exe
2324 C:\Windows\System32\svchost.exe
2372 C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
2456 C:\Windows\System32\dwm.exe
2496 C:\HARDWARE\PROMISE\WebPAM\_jvm\bin\java.exe
2540 C:\Windows\explorer.exe
3004 C:\Windows\System32\SearchIndexer.exe
3044 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3184 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3200 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3284 C:\Windows\System32\CtHelper.exe
3292 C:\HARDWARE\Creative\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
3300 C:\HARDWARE\Creative\DVDAudio\CTDVDDET.exe
3308 C:\Windows\System32\Ctxfihlp.exe
3316 C:\HARDWARE\INTEL\IDU\iptray.exe
3404 C:\Program Files\Windows Sidebar\sidebar.exe
3496 C:\Windows\System32\CTxfispi.exe
3592 dllhost.exe
3860 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1724 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
2292 C:\APPLICAT\DrvGleam\DriveGLEAM105.exe
2300 C:\Windows\System32\cmd.exe
900 C:\GRAPHICS\PANORAMA\Panorama.exe
940 C:\UTILITY\sc.exe
2760 C:\APPLICAT\TRAYICON\TRAYICON.EXE
3012 C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccsvchst.exe
2288 C:\Windows\System32\wbem\unsecapp.exe
3708 WmiPrvSE.exe
2804 C:\Program Files\Windows Sidebar\sidebar.exe
888 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
3492 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
4384 C:\Windows\System32\taskeng.exe
4560 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5064 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5692 C:\Windows\System32\svchost.exe
5208 C:\APPLICAT\EXTENSO\Extenso4.exe
5500 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
3824 SSU.exe
3784 C:\Windows\explorer.exe
1208 C:\Windows\System32\SearchProtocolHost.exe
5744 C:\Windows\System32\SearchFilterHost.exe
5460 dllhost.exe
1748 dllhost.exe
4080 C:\Users\GOLIATH\Desktop\MBRCheck.exe
5568 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x0000001d`4c100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: Promise1X2 Mirror/RAID1, Rev: 1.10
PhysicalDrive0 Model Number: WDCWD4000KD-00NAB0, Rev: 01.06A01

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Tried running DDS from the Desktop in both normal and safe mode. Runs for several minutes, then hangs system (hard reboot required).

I'd appreciate it if someone could help me figure out if my system is infected and, if so, what to do about getting rid of the infection. Thanks!

broni · 2011/05/04

Same computer as here?
http://www.windowsbbs.com/malware-v...ed-log-files-review-need-help-diagnosing.html

Xd23bgt · 2011/05/04

Not the same. The first one was my computer (WinXP). This new one is my wife's (Vista). Thanks!

broni · 2011/05/04

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.

Click the Report tab, then click Scan.

Check Drivers, Stealth, and uncheck the rest.

Click OK.

Wait until it's finished and then go to File > Save Report.

Save the report to your Desktop.

Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

Xd23bgt · 2011/05/04

Here's the log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xC5E0E000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0xE2633000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0xE2633000 PnpManager 3907584 bytes
0xE2633000 RAW 3907584 bytes
0xE2633000 WMIxWDM 3907584 bytes
0xDBAB0000 Win32k 2113536 bytes
0xDBAB0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBA200000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110504.019\NAVEX15.SYS 1388544 bytes (Symantec Corporation, AV Engine)
0xCBA0A000 C:\Windows\System32\drivers\CTEXFIFX.SYS 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0xCB607000 C:\Windows\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xC1609000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0xC1001000 C:\Windows\system32\DRIVERS\NDIS.SYS 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0xC1407000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0xBFCDB000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xE5651000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xCD803000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys 819200 bytes (Symantec Corporation, BASH Driver)
0xE140B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0xC1349000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xCB806000 C:\Windows\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xC660C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xCD0FE000 C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xC674C000 C:\Windows\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xC12D8000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xBFE06000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xBFC11000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xE1512000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xCD06C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xBA36C000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110504.001\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0xCB8E3000 C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xE57A5000 C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xC1233000 C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0xCD1AD000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0xDBD60000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xC1126000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0xCB975000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBFE85000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0xE5606000 C:\Windows\system32\DRIVERS\atksgt.sys 274432 bytes
0xBFC9A000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0xC6A33000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0xC1549000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0xC66E7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xC6BB3000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBFF7F000 C:\Windows\system32\DRIVERS\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xC6B65000 C:\Windows\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0xCD99F000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0xC1719000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xC66A4000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0xBFDBB000 C:\Windows\system32\DRIVERS\Si3132r5.sys 225280 bytes (Silicon Image, Inc, SATA SoftRAID 5 miniport driver)
0xC1588000 C:\Windows\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xC6B30000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xE2600000 ACPI_HAL 208896 bytes
0xE2600000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xE575C000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0xC1201000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xCB9BD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0xCB734000 C:\Windows\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xC6A04000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0xCD91B000 C:\Windows\System32\Drivers\dump_fttxr52P.sys 188416 bytes
0xC11C2000 C:\Windows\system32\drivers\fttxr52p.sys 188416 bytes (Promise Technology, Inc., Promise FastTRAK TX4200/TX4300 Driver for Windows family)
0xBFF26000 C:\Windows\system32\DRIVERS\ssidrv.sys 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xC67CB000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xC12A8000 C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xCB8B7000 C:\Windows\System32\drivers\CT20XUT.SYS 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0xBFF54000 C:\Windows\system32\DRIVERS\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xC65C5000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xE14CB000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xCB775000 C:\Windows\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xCD185000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xC176B000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0xBFEDC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBFFBA000 C:\Windows\system32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0xCD8DE000 C:\Windows\system32\DRIVERS\V0260Vid.sys 155648 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xC65A0000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xCB93C000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xC6A96000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xC17A3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xCBBB2000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xCB7C7000 C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xE15CA000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xC11A4000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xCD0CA000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xE157F000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0xCBB51000 C:\Windows\system32\drivers\AtihdLH3.sys 110592 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0xC14F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xCD962000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xC15D5000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xCD97D000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xE159C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0xC6734000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xCD9D8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0xC15BD000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0xCD0E7000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0xC6A74000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xCB7E6000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xE578F000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xCB79E000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0xCBB83000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xCB8A2000 C:\Windows\System32\drivers\CTHWIUT.SYS 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xE15B5000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0xC6ADC000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xBA353000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110504.019\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xC6AC8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xCB961000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xE14FF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xCB7B4000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xC1792000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xCB764000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0xBFC81000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0xBFFE0000 C:\Windows\system32\DRIVERS\VMNetSrv.sys 69632 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0xC1289000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xC11F0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xE14BB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0xC118C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0xC65EF000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xC6AF1000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0xC153A000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0xC1299000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xCD953000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0xC175C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xBFF03000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0xC6AB9000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xC6725000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xC1117000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xC5E00000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xDBCF0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0xCB9EF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0xCBBEE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0xC1177000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBFE77000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xCD904000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0xC6B23000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xC13E9000 C:\Windows\system32\DRIVERS\intelsmb.sys 49152 bytes (Intel Corporation, System Management Bus 2.0 (SMBus) Driver)
0xE5739000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xE5750000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0xCBBA6000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xC6594000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xC6600000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xC6699000 C:\Windows\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel(R) Management Engine Interface)
0xC6B01000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xC6B0C000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0xCBBE3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0xC6A8B000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xCD8D3000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32.sys)
0xBFF1B000 C:\Windows\system32\DRIVERS\ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xC110C000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xE5745000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0xC17E4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xC66DC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xCD911000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0xCD949000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xCB72A000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0xC6B19000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xE14F5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0xC13F5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xE572F000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xC15EF000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xC6BA9000 C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xE15E9000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xC17C4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0xC6BA0000 C:\Windows\system32\DRIVERS\dc3d.sys 36864 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0xCBB6C000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xC6BEF000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xCD063000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xBA3C7000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xCBA00000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xC17EF000 C:\Windows\system32\DRIVERS\SMBios.sys 36864 bytes (Intel Corporation, Intel(R) System Management BIOS Driver)
0xBFF12000 C:\Windows\system32\DRIVERS\sshrmd.sys 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xDBCD0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xC1600000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xBFECB000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xC119C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xBFC92000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xC67F8000 C:\Windows\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xCD8CB000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBFED4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0xCD17D000 C:\Windows\system32\DRIVERS\NuidFltr.sys 32768 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xCBBD3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xCBBDB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xC1752000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xCBB7C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0xCBB9F000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xC1170000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBFC0A000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xCBB75000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xE15F2000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0xC1185000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xE5649000 C:\Windows\system32\DRIVERS\lirsgt.sys 20480 bytes
0xE15F9000 C:\Windows\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xE564E000 C:\Windows\system32\drivers\osaio.sys 12288 bytes (OSA Technologies, An Avocent Company, OSA I/O Port Driver)
0xC12D5000 C:\Windows\system32\DRIVERS\SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
0xC175A000 C:\Windows\system32\DRIVERS\SiRemFil.sys 8192 bytes (Silicon Image, Inc., Filter driver for Silicon Image SATALink controllers.)
0xC6B17000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xCBB99000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x03C90000 Hidden Image-->S2PCISE.exe [ EPROCESS 0xBEF76570 ] PID: 2128, 36864 bytes
0x037F0000 Hidden Image-->S2PCISE.exe [ EPROCESS 0xBA798B08 ] PID: 5268, 36864 bytes
0x00F10000 Hidden Image-->CFScan.dll [ EPROCESS 0xBEFD1598 ] PID: 2280, 45056 bytes

Awaiting next step...

broni · 2011/05/04

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Xd23bgt · 2011/05/05

Unfortunately, I cannot get ComboFix to run. It hangs up during the scan every time. I have followed all the instructions. Disabled all antivirus, antispyware, and firewall. Tried in normal mode and safe mode. Then, in safe mode ran rkill.com followed by a renamed ComboFix from Desktop (renamed before copying to Desktop), with same result. Rkill log overwritten (more later...) so can't post, but stopped a process in a Windows subdirectory called com*.exe (can't remember exact name/location). Rebooted into normal mode. Ran rkill.exe, and log is below. It overwrote earlier rkill.log instead of appending or creating a new file. Immediately ran a newly downloaded renamed ComboFix from Desktop (renamed before copying to Desktop). Hung up during scan, and then BSOD'd.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05/05/2011 at 0:39:24.
Operating System: Windows Vista (TM) Home Premium

Processes terminated by Rkill or while it was running:

C:\HARDWARE\PROMISE\WebPAM\_jvm\bin\java.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE

Rkill completed on 05/05/2011 at 0:39:30.

WebPAM is software associated with my Promise RAID Controller. Any suggestions?

broni · 2011/05/05

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/

After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.

====================================================

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Xd23bgt · 2011/05/05

Part 1
Here’s the output from Bootkit Remover:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
Here’s the TDSSKiller output:
2011/05/05 19:31:12.0409 3176 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 19:31:14.0409 3176 ================================================================================
2011/05/05 19:31:14.0409 3176 SystemInfo:
2011/05/05 19:31:14.0409 3176
2011/05/05 19:31:14.0409 3176 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/05 19:31:14.0409 3176 Product type: Workstation
2011/05/05 19:31:14.0409 3176 ComputerName: SPORKO4
2011/05/05 19:31:14.0409 3176 UserName: GOLIATH
2011/05/05 19:31:14.0409 3176 Windows directory: C:\Windows
2011/05/05 19:31:14.0409 3176 System windows directory: C:\Windows
2011/05/05 19:31:14.0409 3176 Processor architecture: Intel x86
2011/05/05 19:31:14.0409 3176 Number of processors: 2
2011/05/05 19:31:14.0409 3176 Page size: 0x1000
2011/05/05 19:31:14.0409 3176 Boot type: Normal boot
2011/05/05 19:31:14.0409 3176 ================================================================================
2011/05/05 19:31:14.0948 3176 Initialize success
2011/05/05 19:31:32.0581 5780 ================================================================================
2011/05/05 19:31:32.0581 5780 Scan started
2011/05/05 19:31:32.0581 5780 Mode: Manual;
2011/05/05 19:31:32.0581 5780 ================================================================================
2011/05/05 19:31:33.0104 5780 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/05 19:31:33.0167 5780 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/05 19:31:33.0261 5780 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/05 19:31:33.0300 5780 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/05 19:31:33.0331 5780 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/05 19:31:33.0393 5780 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/05 19:31:33.0433 5780 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/05 19:31:33.0472 5780 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/05 19:31:33.0511 5780 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/05 19:31:33.0612 5780 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/05 19:31:33.0643 5780 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/05 19:31:33.0667 5780 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/05 19:31:33.0698 5780 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/05/05 19:31:33.0925 5780 amdkmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/05 19:31:34.0198 5780 amdkmdap (92dc2e0ae49148f83b24d89c737b0c97) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/05 19:31:34.0268 5780 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/05 19:31:34.0308 5780 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/05 19:31:34.0409 5780 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\Aspi32.sys
2011/05/05 19:31:34.0464 5780 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/05 19:31:34.0495 5780 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/05 19:31:34.0565 5780 AtiHDAudioService (0c3c2e9136397e1aaa9033dcae25ced2) C:\Windows\system32\drivers\AtihdLH3.sys
2011/05/05 19:31:34.0612 5780 AtiHdmiService (e6530b7887652ad6ca32401483ae6766) C:\Windows\system32\drivers\AtiHdmi.sys
2011/05/05 19:31:34.0847 5780 atikmdag (d05cf4523e0c04ef82454abfd84fdc1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/05 19:31:34.0979 5780 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys
2011/05/05 19:31:35.0065 5780 BCM43XV (e57b242f831afa67d898f30a93ad47c2) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/05 19:31:35.0136 5780 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\WMP54GSx86.sys
2011/05/05 19:31:35.0222 5780 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/05 19:31:35.0354 5780 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys
2011/05/05 19:31:35.0472 5780 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/05 19:31:35.0511 5780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/05 19:31:35.0534 5780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/05 19:31:35.0573 5780 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/05 19:31:35.0604 5780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/05 19:31:35.0636 5780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/05 19:31:35.0667 5780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/05 19:31:35.0737 5780 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/05 19:31:35.0909 5780 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys
2011/05/05 19:31:35.0995 5780 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/05 19:31:36.0081 5780 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/05 19:31:36.0136 5780 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/05 19:31:36.0183 5780 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/05 19:31:36.0229 5780 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/05 19:31:36.0268 5780 COMMONFX.DLL (ecd78c93a8ca1e280e10e24188e6568e) C:\Windows\system32\COMMONFX.DLL
2011/05/05 19:31:36.0300 5780 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/05/05 19:31:36.0339 5780 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/05 19:31:36.0440 5780 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/05 19:31:36.0511 5780 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\Windows\system32\drivers\CT20XUT.SYS
2011/05/05 19:31:36.0565 5780 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\Windows\System32\drivers\CT20XUT.SYS
2011/05/05 19:31:36.0604 5780 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\Windows\system32\drivers\ctac32k.sys
2011/05/05 19:31:36.0643 5780 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\Windows\system32\drivers\ctaud2k.sys
2011/05/05 19:31:36.0698 5780 CTAUDFX.DLL (ccbcdd95116b993dfa523b3ecc88f73d) C:\Windows\system32\CTAUDFX.DLL
2011/05/05 19:31:36.0768 5780 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\Windows\system32\drivers\ctdvda2k.sys
2011/05/05 19:31:36.0823 5780 CTEAPSFX.DLL (3d411b5df969c0f1dd062aa147bed524) C:\Windows\system32\CTEAPSFX.DLL
2011/05/05 19:31:36.0854 5780 CTEDSPFX.DLL (fe0823d8280a51a5575ae2fd9a3732e2) C:\Windows\system32\CTEDSPFX.DLL
2011/05/05 19:31:36.0917 5780 CTEDSPIO.DLL (eaf112535481ab76a022a274f1a8f924) C:\Windows\system32\CTEDSPIO.DLL
2011/05/05 19:31:36.0972 5780 CTEDSPSY.DLL (db50923f48b8a8fd80329dae21ad316c) C:\Windows\system32\CTEDSPSY.DLL
2011/05/05 19:31:37.0050 5780 CTERFXFX.DLL (c7f3e238871c8a0473430f8f87921ec5) C:\Windows\system32\CTERFXFX.DLL
2011/05/05 19:31:37.0136 5780 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/05/05 19:31:37.0393 5780 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/05/05 19:31:37.0714 5780 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/05/05 19:31:37.0776 5780 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/05/05 19:31:38.0018 5780 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\Windows\system32\drivers\ctprxy2k.sys
2011/05/05 19:31:38.0065 5780 CTSBLFX.DLL (48184677fac84ada4b20b1fbbacea95d) C:\Windows\system32\CTSBLFX.DLL
2011/05/05 19:31:38.0261 5780 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\Windows\system32\drivers\ctsfm2k.sys
2011/05/05 19:31:38.0417 5780 dc3d (6b62f5f9a987d08f67fc1302e4b67aed) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/05 19:31:38.0581 5780 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/05 19:31:38.0683 5780 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/05 19:31:38.0722 5780 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/05 19:31:38.0768 5780 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/05 19:31:38.0862 5780 e1express (2269390a8af6e2c1c381cc15afccf0ac) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/05 19:31:38.0925 5780 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/05 19:31:39.0042 5780 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/05 19:31:39.0120 5780 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/05 19:31:39.0190 5780 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/05 19:31:39.0245 5780 emupia (04afe5c11777e33178ec11e1fac47b07) C:\Windows\system32\drivers\emupia2k.sys
2011/05/05 19:31:39.0354 5780 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/05 19:31:39.0472 5780 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/05 19:31:39.0518 5780 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/05 19:31:39.0550 5780 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/05 19:31:39.0597 5780 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/05 19:31:39.0620 5780 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/05 19:31:39.0683 5780 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/05 19:31:39.0722 5780 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/05 19:31:39.0808 5780 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/05 19:31:39.0854 5780 fttxr52P (34a245b425ad0b83c784322eb842c87e) C:\Windows\system32\drivers\fttxr52p.sys
2011/05/05 19:31:39.0909 5780 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/05 19:31:39.0972 5780 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\Windows\system32\drivers\ha20x2k.sys
2011/05/05 19:31:40.0050 5780 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/05 19:31:40.0276 5780 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/05 19:31:40.0347 5780 HECI (9c1a84cb7d209cbecb1909de4875e9d6) C:\Windows\system32\DRIVERS\HECI.sys
2011/05/05 19:31:40.0386 5780 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/05 19:31:40.0417 5780 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/05 19:31:40.0518 5780 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/05 19:31:40.0589 5780 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/05 19:31:40.0636 5780 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/05 19:31:40.0675 5780 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/05 19:31:40.0854 5780 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/05 19:31:40.0917 5780 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/05 19:31:41.0042 5780 IDSVix86 (7c8ce2b83a89ee1cb0c3fee5991e62a2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110504.001\IDSvix86.sys
2011/05/05 19:31:41.0097 5780 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/05 19:31:41.0175 5780 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/05 19:31:41.0222 5780 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/05 19:31:41.0276 5780 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/05 19:31:41.0331 5780 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/05 19:31:41.0386 5780 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/05 19:31:41.0417 5780 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/05 19:31:41.0456 5780 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/05 19:31:41.0550 5780 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/05 19:31:41.0581 5780 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/05 19:31:41.0620 5780 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/05 19:31:41.0643 5780 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/05 19:31:41.0675 5780 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/05 19:31:41.0722 5780 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/05 19:31:41.0839 5780 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/05 19:31:41.0878 5780 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/05/05 19:31:41.0972 5780 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/05 19:31:42.0042 5780 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/05 19:31:42.0065 5780 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/05 19:31:42.0167 5780 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/05 19:31:42.0222 5780 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/05 19:31:42.0261 5780 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/05 19:31:42.0308 5780 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/05 19:31:42.0347 5780 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/05 19:31:42.0401 5780 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/05 19:31:42.0425 5780 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/05 19:31:42.0464 5780 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/05 19:31:42.0558 5780 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/05 19:31:42.0589 5780 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/05 19:31:42.0643 5780 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/05 19:31:42.0714 5780 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/05 19:31:42.0761 5780 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/05 19:31:42.0792 5780 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/05 19:31:42.0870 5780 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/05 19:31:42.0909 5780 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/05 19:31:42.0940 5780 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/05 19:31:42.0987 5780 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/05 19:31:43.0034 5780 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/05 19:31:43.0073 5780 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/05 19:31:43.0104 5780 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/05 19:31:43.0143 5780 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/05 19:31:43.0222 5780 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/05 19:31:43.0268 5780 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/05 19:31:43.0331 5780 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/05 19:31:43.0378 5780 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/05 19:31:43.0409 5780 NAL (ace8666aa75ca8451ea2ff819389e941) C:\Windows\system32\Drivers\iqvw32.sys
2011/05/05 19:31:43.0456 5780 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/05 19:31:43.0573 5780 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.003\NAVENG.SYS
2011/05/05 19:31:43.0667 5780 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.003\NAVEX15.SYS
2011/05/05 19:31:43.0815 5780 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/05 19:31:43.0886 5780 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/05 19:31:43.0917 5780 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/05 19:31:43.0987 5780 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/05 19:31:44.0089 5780 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/05 19:31:44.0120 5780 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/05 19:31:44.0151 5780 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/05 19:31:44.0245 5780 netr28u (5efe06456dbc5cd87cadc42af8d31cd9) C:\Windows\system32\DRIVERS\netr28u.sys
2011/05/05 19:31:44.0300 5780 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/05 19:31:44.0386 5780 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/05 19:31:44.0440 5780 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/05 19:31:44.0511 5780 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/05 19:31:44.0558 5780 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/05 19:31:44.0604 5780 NuidFltr (20623a75f3c6c1076ebba64dd8c4bc02) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/05 19:31:44.0714 5780 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/05 19:31:44.0768 5780 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/05 19:31:44.0800 5780 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/05 19:31:44.0831 5780 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/05 19:31:44.0948 5780 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/05 19:31:45.0034 5780 osaio (d7d120fd31bb8b4ec6a4f628517edc33) C:\Windows\system32\drivers\osaio.sys
2011/05/05 19:31:45.0089 5780 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
2011/05/05 19:31:45.0136 5780 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/05 19:31:45.0190 5780 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/05 19:31:45.0214 5780 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/05 19:31:45.0276 5780 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/05 19:31:45.0308 5780 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/05 19:31:45.0386 5780 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/05 19:31:45.0440 5780 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/05 19:31:45.0542 5780 Point32 (d82ac5b7da8fdccda1323836516405ec) C:\Windows\system32\DRIVERS\point32k.sys
2011/05/05 19:31:45.0597 5780 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/05 19:31:45.0714 5780 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/05 19:31:45.0808 5780 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/05 19:31:45.0870 5780 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/05 19:31:45.0956 5780 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/05 19:31:46.0003 5780 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/05 19:31:46.0042 5780 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/05 19:31:46.0097 5780 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/05 19:31:46.0143 5780 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/05 19:31:46.0206 5780 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/05 19:31:46.0276 5780 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/05 19:31:46.0339 5780 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/05 19:31:46.0393 5780 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/05 19:31:46.0417 5780 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/05 19:31:46.0464 5780 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/05 19:31:46.0518 5780 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/05 19:31:46.0589 5780 SANDRA (24c68978d48f41084dc00159aa07fab8) C:\DIAGS\Sandra\WNt500x86\Sandra.sys
2011/05/05 19:31:46.0745 5780 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/05 19:31:46.0792 5780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/05 19:31:46.0831 5780 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/05 19:31:46.0870 5780 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/05 19:31:46.0909 5780 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/05 19:31:46.0956 5780 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/05 19:31:47.0026 5780 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/05 19:31:47.0050 5780 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/05 19:31:47.0081 5780 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/05 19:31:47.0183 5780 Si3132r5 (227e56633d6423e1f7d869618ac8404f) C:\Windows\system32\DRIVERS\Si3132r5.sys
2011/05/05 19:31:47.0229 5780 SiFilter (dbdee2a96f2f616726817373516cb0bd) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2011/05/05 19:31:47.0308 5780 SiRemFil (3e6b438e5cb674a1382b2955aa98f637) C:\Windows\system32\DRIVERS\SiRemFil.sys
2011/05/05 19:31:47.0487 5780 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/05 19:31:47.0550 5780 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/05 19:31:47.0620 5780 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/05 19:31:47.0706 5780 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/05 19:31:47.0831 5780 SMBios (d72a21424ca66c7a745bd995eca6a710) C:\Windows\system32\DRIVERS\SMBios.sys
2011/05/05 19:31:47.0870 5780 smbusp (9acbc471d86ed01a6f6bf30394c8acef) C:\Windows\system32\DRIVERS\intelsmb.sys
2011/05/05 19:31:47.0909 5780 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/05 19:31:48.0034 5780 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS
2011/05/05 19:31:48.0190 5780 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
2011/05/05 19:31:48.0245 5780 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/05 19:31:48.0292 5780 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/05 19:31:48.0323 5780 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/05 19:31:48.0370 5780 ssfs0bbc (6c46d1d2fc31a8cf0f1d6f9d6859d836) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2011/05/05 19:31:48.0433 5780 sshrmd (cfbd9006204468f64c5737f71eb602f3) C:\Windows\system32\DRIVERS\sshrmd.sys
2011/05/05 19:31:48.0472 5780 ssidrv (808c18876dd615b82f08298c98af46b2) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/05/05 19:31:48.0534 5780 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/05 19:31:48.0589 5780 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/05 19:31:48.0784 5780 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
2011/05/05 19:31:48.0831 5780 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
2011/05/05 19:31:48.0878 5780 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/05/05 19:31:48.0979 5780 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
2011/05/05 19:31:49.0081 5780 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
2011/05/05 19:31:49.0151 5780 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/05 19:31:49.0190 5780 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/05 19:31:49.0268 5780 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/05 19:31:49.0347 5780 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/05 19:31:49.0393 5780 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/05 19:31:49.0440 5780 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/05 19:31:49.0464 5780 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/05 19:31:49.0511 5780 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/05 19:31:49.0550 5780 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/05 19:31:49.0612 5780 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/05 19:31:49.0651 5780 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/05 19:31:49.0698 5780 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/05 19:31:49.0761 5780 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/05 19:31:49.0839 5780 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/05 19:31:49.0901 5780 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/05 19:31:49.0940 5780 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/05 19:31:49.0979 5780 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/05 19:31:50.0034 5780 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/05 19:31:50.0128 5780 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/05 19:31:50.0206 5780 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/05 19:31:50.0237 5780 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/05 19:31:50.0268 5780 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/05 19:31:50.0308 5780 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/05 19:31:50.0347 5780 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/05 19:31:50.0401 5780 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/05 19:31:50.0448 5780 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/05 19:31:50.0495 5780 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/05 19:31:50.0573 5780 V0260VID (ed36590e9e6ca2c310a832a2f8a3c77f) C:\Windows\system32\DRIVERS\V0260Vid.sys
2011/05/05 19:31:50.0612 5780 V0420VID (e579144c0bfa5720e1da5a7783058e9a) C:\Windows\system32\DRIVERS\V0420Vid.sys
2011/05/05 19:31:50.0651 5780 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/05 19:31:50.0722 5780 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/05 19:31:50.0784 5780 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/05 19:31:50.0815 5780 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/05 19:31:50.0862 5780 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/05 19:31:50.0909 5780 vmm (817da66b1b889fad1dbf669e0e2f3228) C:\Windows\system32\Drivers\vmm.sys
2011/05/05 19:31:50.0956 5780 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/05 19:31:51.0065 5780 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/05 19:31:51.0104 5780 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/05 19:31:51.0167 5780 VPCNetS2 (2abe8281db609d8bb1bd1b2f93800d5f) C:\Windows\system32\DRIVERS\VMNetSrv.sys
2011/05/05 19:31:51.0354 5780 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/05 19:31:51.0401 5780 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/05 19:31:51.0448 5780 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 19:31:51.0495 5780 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/05 19:31:51.0604 5780 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/05 19:31:51.0714 5780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/05 19:31:51.0901 5780 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/05/05 19:31:51.0948 5780 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/05 19:31:52.0026 5780 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/05 19:31:52.0073 5780 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/05 19:31:52.0151 5780 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/05 19:31:52.0183 5780 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/05 19:31:52.0339 5780 ================================================================================
2011/05/05 19:31:52.0339 5780 Scan finished
2011/05/05 19:31:52.0339 5780 ================================================================================
Also a Bootkit Remover debug file (not sure you need this):
.\debug.cpp(238) : Debug log started at 05.05.2011 - 23:27:23
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0xe2617000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe "
.\debug.cpp(256) : 0xe29d1000 0x00033000 "\SystemRoot\system32\hal.dll "
.\debug.cpp(256) : 0xbfc0f000 0x00007000 "\SystemRoot\system32\kdcom.dll "
.\debug.cpp(256) : 0xbfc16000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll "
.\debug.cpp(256) : 0xbfc86000 0x00011000 "\SystemRoot\system32\PSHED.dll "
.\debug.cpp(256) : 0xbfc97000 0x00008000 "\SystemRoot\system32\BOOTVID.dll "
.\debug.cpp(256) : 0xbfc9f000 0x00041000 "\SystemRoot\system32\CLFS.SYS "
.\debug.cpp(256) : 0xbfce0000 0x000e0000 "\SystemRoot\system32\CI.dll "
.\debug.cpp(256) : 0xbfe01000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys "
.\debug.cpp(256) : 0xbfe72000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS "
.\debug.cpp(256) : 0xbfe80000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys "
.\debug.cpp(256) : 0xbfec6000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS "
.\debug.cpp(256) : 0xbfecf000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys "
.\debug.cpp(256) : 0xbfed7000 0x00027000 "\SystemRoot\system32\drivers\pci.sys "
.\debug.cpp(256) : 0xbfefe000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys "
.\debug.cpp(256) : 0xbff0d000 0x00009000 "\SystemRoot\system32\DRIVERS\sshrmd.sys "
.\debug.cpp(256) : 0xbff16000 0x0000b000 "\SystemRoot\system32\DRIVERS\ssfs0bbc.sys "
.\debug.cpp(256) : 0xbff21000 0x0002e000 "\SystemRoot\system32\DRIVERS\ssidrv.sys "
.\debug.cpp(256) : 0xbff4f000 0x0002b000 "\SystemRoot\system32\DRIVERS\msrpc.sys "
.\debug.cpp(256) : 0xbff7a000 0x0003b000 "\SystemRoot\system32\DRIVERS\NETIO.SYS "
.\debug.cpp(256) : 0xc1008000 0x0010b000 "\SystemRoot\system32\DRIVERS\NDIS.SYS "
.\debug.cpp(256) : 0xc1113000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS "
.\debug.cpp(256) : 0xc111e000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys "
.\debug.cpp(256) : 0xc112d000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys "
.\debug.cpp(256) : 0xc1177000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys "
.\debug.cpp(256) : 0xc117e000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS "
.\debug.cpp(256) : 0xc118c000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys "
.\debug.cpp(256) : 0xc1193000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys "
.\debug.cpp(256) : 0xc11a3000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys "
.\debug.cpp(256) : 0xc11ab000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS "
.\debug.cpp(256) : 0xc11c9000 0x0002e000 "\SystemRoot\system32\drivers\fttxr52p.sys "
.\debug.cpp(256) : 0xbffb5000 0x00026000 "\SystemRoot\system32\drivers\SCSIPORT.SYS "
.\debug.cpp(256) : 0xbfdc0000 0x00037000 "\SystemRoot\system32\DRIVERS\Si3132r5.sys "
.\debug.cpp(256) : 0xc120a000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys "
.\debug.cpp(256) : 0xc123c000 0x00056000 "\SystemRoot\system32\drivers\NIS\1108000.005\SYMDS.SYS "
.\debug.cpp(256) : 0xc1292000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys "
.\debug.cpp(256) : 0xc12a2000 0x0000f000 "\SystemRoot\system32\DRIVERS\Lbd.sys "
.\debug.cpp(256) : 0xc12b1000 0x0002d000 "\SystemRoot\system32\drivers\NIS\1108000.005\SYMEFA.SYS "
.\debug.cpp(256) : 0xc12de000 0x00003000 "\SystemRoot\system32\DRIVERS\SiWinAcc.sys "
.\debug.cpp(256) : 0xc12e1000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys "
.\debug.cpp(256) : 0xc140b000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys "
.\debug.cpp(256) : 0xc14f5000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys "
.\debug.cpp(256) : 0xc160e000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys "
.\debug.cpp(256) : 0xc171e000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys "
.\debug.cpp(256) : 0xc1757000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys "
.\debug.cpp(256) : 0xc175f000 0x00002000 "\SystemRoot\system32\DRIVERS\SiRemFil.sys "
.\debug.cpp(256) : 0xc1761000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys "
.\debug.cpp(256) : 0xc1770000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys "
.\debug.cpp(256) : 0xc1797000 0x00011000 "\SystemRoot\system32\drivers\disk.sys "
.\debug.cpp(256) : 0xc17a8000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS "
.\debug.cpp(256) : 0xc17c9000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys "
.\debug.cpp(256) : 0xc17e9000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys "
.\debug.cpp(256) : 0xc17f4000 0x00009000 "\SystemRoot\system32\DRIVERS\SMBios.sys "
.\debug.cpp(256) : 0xc1600000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys "
.\debug.cpp(256) : 0xc153e000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys "
.\debug.cpp(256) : 0xc154d000 0x0003f000 "\SystemRoot\system32\DRIVERS\atikmpag.sys "
.\debug.cpp(256) : 0xc5a09000 0x00786000 "\SystemRoot\system32\DRIVERS\atikmdag.sys "
.\debug.cpp(256) : 0xc1352000 0x000a0000 "\SystemRoot\System32\drivers\dxgkrnl.sys "
.\debug.cpp(256) : 0xc618f000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys "
.\debug.cpp(256) : 0xc6200000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys "
.\debug.cpp(256) : 0xc628d000 0x0000b000 "\SystemRoot\system32\DRIVERS\HECI.sys "
.\debug.cpp(256) : 0xc6298000 0x00038000 "\SystemRoot\system32\DRIVERS\e1e6032.sys "
.\debug.cpp(256) : 0xc62d0000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys "
.\debug.cpp(256) : 0xc62db000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS "
.\debug.cpp(256) : 0xc6319000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys "
.\debug.cpp(256) : 0xc6328000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys "
.\debug.cpp(256) : 0xc6340000 0x0007f000 "\SystemRoot\system32\drivers\ctaud2k.sys "
.\debug.cpp(256) : 0xc63bf000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys "
.\debug.cpp(256) : 0xc619b000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys "
.\debug.cpp(256) : 0xc61c0000 0x0002a000 "\SystemRoot\system32\drivers\ks.sys "
.\debug.cpp(256) : 0xc158c000 0x00035000 "\SystemRoot\system32\drivers\ctoss2k.sys "
.\debug.cpp(256) : 0xc63ec000 0x00008000 "\SystemRoot\system32\drivers\ctprxy2k.sys "
.\debug.cpp(256) : 0xc61ea000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys "
.\debug.cpp(256) : 0xc15c1000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS "
.\debug.cpp(256) : 0xc63f4000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys "
.\debug.cpp(256) : 0xc15cf000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys "
.\debug.cpp(256) : 0xbffdb000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys "
.\debug.cpp(256) : 0xc15e7000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys "
.\debug.cpp(256) : 0xc15f1000 0x0000c000 "\SystemRoot\system32\DRIVERS\intelsmb.sys "
.\debug.cpp(256) : 0xc640a000 0x00011000 "\SystemRoot\system32\DRIVERS\VMNetSrv.sys "
.\debug.cpp(256) : 0xc641b000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys "
.\debug.cpp(256) : 0xc644a000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys "
.\debug.cpp(256) : 0xc648b000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys "
.\debug.cpp(256) : 0xc64a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys "
.\debug.cpp(256) : 0xc64ad000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys "
.\debug.cpp(256) : 0xc64d0000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys "
.\debug.cpp(256) : 0xc64df000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys "
.\debug.cpp(256) : 0xc64f3000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys "
.\debug.cpp(256) : 0xc6508000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys "
.\debug.cpp(256) : 0xc6518000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys "
.\debug.cpp(256) : 0xc6523000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys "
.\debug.cpp(256) : 0xc652e000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys "
.\debug.cpp(256) : 0xc6530000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys "
.\debug.cpp(256) : 0xc653a000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys "
.\debug.cpp(256) : 0xc6547000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys "
.\debug.cpp(256) : 0xcac09000 0x00123000 "\SystemRoot\system32\drivers\ha20x2k.sys "
.\debug.cpp(256) : 0xcad2c000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys "
.\debug.cpp(256) : 0xcad36000 0x00030000 "\SystemRoot\system32\drivers\emupia2k.sys "
.\debug.cpp(256) : 0xcad66000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS "
.\debug.cpp(256) : 0xcad77000 0x00029000 "\SystemRoot\system32\drivers\ctsfm2k.sys "
.\debug.cpp(256) : 0xcae0f000 0x0009c000 "\SystemRoot\system32\drivers\ctac32k.sys "
.\debug.cpp(256) : 0xcaeab000 0x00015000 "\SystemRoot\System32\drivers\CTHWIUT.SYS "
.\debug.cpp(256) : 0xcaec0000 0x0002c000 "\SystemRoot\System32\drivers\CT20XUT.SYS "
.\debug.cpp(256) : 0xcb00b000 0x00147000 "\SystemRoot\System32\drivers\CTEXFIFX.SYS "
.\debug.cpp(256) : 0xcb152000 0x0001b000 "\SystemRoot\system32\drivers\AtihdLH3.sys "
.\debug.cpp(256) : 0xcb16d000 0x00057000 "\SystemRoot\System32\Drivers\NIS\1108000.005\SRTSP.SYS "
.\debug.cpp(256) : 0xcb1c4000 0x0001f000 "\SystemRoot\system32\drivers\NIS\1108000.005\Ironx86.SYS "
.\debug.cpp(256) : 0xcb1e3000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys "
.\debug.cpp(256) : 0xcb1fa000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS "
.\debug.cpp(256) : 0xcb000000 0x00009000 "\SystemRoot\system32\DRIVERS\dc3d.sys "
.\debug.cpp(256) : 0xcaeec000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS "
.\debug.cpp(256) : 0xcaef3000 0x0000a000 "\SystemRoot\system32\drivers\NIS\1108000.005\SRTSPX.SYS "
.\debug.cpp(256) : 0xcaefd000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys "
.\debug.cpp(256) : 0xcaf06000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS "
.\debug.cpp(256) : 0xcaf16000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys "
.\debug.cpp(256) : 0xccb58000 0x00008000 "\SystemRoot\system32\DRIVERS\NuidFltr.sys "
.\debug.cpp(256) : 0xccb60000 0x00025000 "\??\C:\Windows\system32\Drivers\SYMEVENT.SYS "
.\debug.cpp(256) : 0xccb85000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys "
.\debug.cpp(256) : 0xccba1000 0x0000b000 "\SystemRoot\system32\DRIVERS\point32k.sys "
.\debug.cpp(256) : 0xccbac000 0x00026000 "\SystemRoot\system32\DRIVERS\V0260Vid.sys "
.\debug.cpp(256) : 0xccbd2000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS "
.\debug.cpp(256) : 0xccbdb000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS "
.\debug.cpp(256) : 0xccbe2000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS "
.\debug.cpp(256) : 0xccbe9000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys "
.\debug.cpp(256) : 0xcaf1f000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS "
.\debug.cpp(256) : 0xccbf5000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys "
.\debug.cpp(256) : 0xcaf40000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys "
.\debug.cpp(256) : 0xcaf48000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS "
.\debug.cpp(256) : 0xcaf53000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS "
.\debug.cpp(256) : 0xcaf61000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys "
.\debug.cpp(256) : 0xcaf6a000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys "
.\debug.cpp(256) : 0xcaf80000 0x00059000 "\SystemRoot\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS "
.\debug.cpp(256) : 0xcafd9000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys "
.\debug.cpp(256) : 0xcada0000 0x00048000 "\SystemRoot\system32\drivers\afd.sys "
.\debug.cpp(256) : 0xc657c000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys "
.\debug.cpp(256) : 0xcade8000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys "
.\debug.cpp(256) : 0xcafed000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys "
.\debug.cpp(256) : 0xc65ae000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys "
.\debug.cpp(256) : 0xc65c1000 0x0003b000 "\??\C:\Windows\system32\Drivers\vmm.sys "
.\debug.cpp(256) : 0xd7601000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys "
.\debug.cpp(256) : 0xd763d000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys "
.\debug.cpp(256) : 0xd7647000 0x0005b000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110504.001\IDSvix86.sys "
.\debug.cpp(256) : 0xd76a2000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys "
.\debug.cpp(256) : 0xd7700000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys "
.\debug.cpp(256) : 0xd771d000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys "
.\debug.cpp(256) : 0xd7734000 0x0007f000 "\SystemRoot\system32\drivers\NIS\1108000.005\ccHPx86.sys "
.\debug.cpp(256) : 0xd8408000 0x000c8000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys "
.\debug.cpp(256) : 0xd84d0000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys "
.\debug.cpp(256) : 0xd84dd000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys "
.\debug.cpp(256) : 0xd84e7000 0x0002e000 "\SystemRoot\System32\Drivers\dump_fttxr52P.sys "
.\debug.cpp(256) : 0xe4e40000 0x00204000 "\SystemRoot\System32\win32k.sys "
.\debug.cpp(256) : 0xd8515000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys "
.\debug.cpp(256) : 0xd851f000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys "
.\debug.cpp(256) : 0xe5060000 0x00009000 "\SystemRoot\System32\TSDDD.dll "
.\debug.cpp(256) : 0xe5080000 0x0000e000 "\SystemRoot\System32\cdd.dll "
.\debug.cpp(256) : 0xd852e000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys "
.\debug.cpp(256) : 0xd8549000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys "
.\debug.cpp(256) : 0xeb803000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys "
.\debug.cpp(256) : 0xeb8b3000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys "
.\debug.cpp(256) : 0xeb8c3000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys "
.\debug.cpp(256) : 0xeb8ed000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys "
.\debug.cpp(256) : 0xeb8f7000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys "
.\debug.cpp(256) : 0xeb90a000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys "
.\debug.cpp(256) : 0xeb977000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys "
.\debug.cpp(256) : 0xeb994000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys "
.\debug.cpp(256) : 0xeb9ad000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys "
.\debug.cpp(256) : 0xeb9c2000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys "
.\debug.cpp(256) : 0xd856b000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys "
.\debug.cpp(256) : 0xeb9e1000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys "
.\debug.cpp(256) : 0xd85a4000 0x00028000 "\SystemRoot\System32\DRIVERS\srv2.sys "
.\debug.cpp(256) : 0xeda07000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv.sys "
.\debug.cpp(256) : 0xeda56000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys "
.\debug.cpp(256) : 0xeda5f000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys "
.\debug.cpp(256) : 0xeda66000 0x00004000 "\SystemRoot\System32\Drivers\Aspi32.SYS "
.\debug.cpp(256) : 0xeda6a000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys "
.\debug.cpp(256) : 0xedaad000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys "
.\debug.cpp(256) : 0xedab2000 0x00003000 "\??\C:\Windows\system32\drivers\osaio.sys "
.\debug.cpp(256) : 0xedab5000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys "
.\debug.cpp(256) : 0xedb93000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS "
.\debug.cpp(256) : 0xedb9d000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys "
.\debug.cpp(256) : 0xedba9000 0x0000b000 "\SystemRoot\system32\drivers\tdtcp.sys "
.\debug.cpp(256) : 0xedbb4000 0x0000c000 "\SystemRoot\System32\DRIVERS\tssecsrv.sys "
.\debug.cpp(256) : 0xedbc0000 0x00033000 "\SystemRoot\System32\Drivers\RDPWD.SYS "
.\debug.cpp(256) : 0xd85cc000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys "
.\debug.cpp(256) : 0xcca00000 0x00153000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.003\NAVEX15.SYS "
.\debug.cpp(256) : 0xd85e2000 0x00014000 "\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.003\NAVENG.SYS "
.\debug.cpp(256) : 0x77430000 0x00128000 "\Windows\System32\ntdll.dll "
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\8A82BFDB-0000-0000-C870-000000000000 "
.\debug.cpp(400) : Destination "\Device\8A82BFDB-0000-0000-C870-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
.\debug.cpp(400) : Destination "\Device\Ndis "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\085433BB-0000-0000-191D-200000000000 "
.\debug.cpp(400) : Destination "\Device\085433BB-0000-0000-191D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{63CBBFC5-E6B4-44D6-B52E-27D9F40767AF} "
.\debug.cpp(400) : Destination "\Device\NDMP6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000001 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice "
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1 "
.\debug.cpp(400) : Destination "\Device\Video0 "
.\debug.cpp(409) : --

Xd23bgt · 2011/05/05

Part 2 – debug continued
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000065 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_514D8086&REV_02#3&18d45aa6&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_514D8086&REV_02#3&18d45aa6&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f3962aec-7c86-11dc-96da-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000066 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000063 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HIT7D09#5&ba0c6d0&1&UID513#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7} "
.\debug.cpp(400) : Destination "\Device\00000097 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
.\debug.cpp(400) : Destination "\Device\Video1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&12f3616a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTEXFIFX.SYS "
.\debug.cpp(400) : Destination "\Device\CTEXFIFX.SYS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{76f5278f-403f-11dc-a00d-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\80E763BB-0000-0000-25FC-200000000000 "
.\debug.cpp(400) : Destination "\Device\80E763BB-0000-0000-25FC-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
.\debug.cpp(400) : Destination "\Device\Video2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent "
.\debug.cpp(400) : Destination "\Device\SymEvent "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_00F9#5&a55a344&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-7 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0005&SUBSYS_00211102&REV_00#4&2bf9a2b2&0&08F0#{dff220f3-f70f-11d0-b917-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283E&SUBSYS_514D8086&REV_02#3&18d45aa6&0&FB#{05599d11-9710-11d3-91d4-00a0c91403f1} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E: "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0201401D-0000-0000-58A1-000000000000 "
.\debug.cpp(400) : Destination "\Device\0201401D-0000-0000-58A1-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9} "
.\debug.cpp(400) : Destination "\Device\NDMP11 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000064 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&200cd205&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
.\debug.cpp(400) : Destination "\Device\Video3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0005&SUBSYS_00211102&REV_00#4&2bf9a2b2&0&08F0#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_Promise&Prod_1X2_Mirror#RAID1&Rev_1.10#5&3ade1254&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Scsi\fttxr52P1Port6Path0Target0Lun0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_01&Col02#7&5d13fd9&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000092 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62} "
.\debug.cpp(400) : Destination "\Device\NDMP7 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement "
.\debug.cpp(400) : Destination "\Device\ProcessManagement "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5 "
.\debug.cpp(400) : Destination "\Device\Video4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0 "
.\debug.cpp(400) : Destination "\Device\Tun0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SMBusP1 "
.\debug.cpp(400) : Destination "\Device\SMBus0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&ed01d6c&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde2Channel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl "
.\debug.cpp(400) : Destination "\Device\VolMgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\020277BB-0000-0000-7AEC-200000000000 "
.\debug.cpp(400) : Destination "\Device\020277BB-0000-0000-7AEC-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_105A&DEV_3577&SUBSYS_3577105A&REV_02#4&2bf9a2b2&0&10F0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1 "
.\debug.cpp(400) : Destination "\Device\ParallelVdm0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0E8F&PID_1022#5&29ce6bf6&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-10 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&12be5c53&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_514D8086&REV_02#3&18d45aa6&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_514D8086&REV_02#3&18d45aa6&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMDS "
.\debug.cpp(400) : Destination "\Device\SymDS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_00#7&29a87d9b&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000090 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\091DD7AB-0000-0000-2A10-000000000000 "
.\debug.cpp(400) : Destination "\Device\091DD7AB-0000-0000-2A10-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
.\debug.cpp(400) : Destination "\Device\WMIDataDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice "
.\debug.cpp(400) : Destination "\Device\SpDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#HIT7D09#5&ba0c6d0&1&UID513#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8} "
.\debug.cpp(400) : Destination "\Device\00000097 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_4052#5&29ce6bf6&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2862a9dd&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1 "
.\debug.cpp(400) : Destination "\Device\Serial0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000004 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FDA5AAA6-FCB2-4FD4-81FB-2071DE658FAA} "
.\debug.cpp(400) : Destination "\Device\NDMP3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASHDRVCHANNEL "
.\debug.cpp(400) : Destination "\Device\BBDrvDevice "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth "
.\debug.cpp(400) : Destination "\Device\PEAuth "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_4052#5&29ce6bf6&0&1#{6bdd1fc6-810f-11d0-bec7-08002be2092f} "
.\debug.cpp(400) : Destination "\Device\USBPDO-8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\00000072 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE "
.\debug.cpp(400) : Destination "\Device\NamedPipe "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9589&SUBSYS_E410174B&REV_00#4&200cd205&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0A7F33BB-0000-0000-AF1D-200000000000 "
.\debug.cpp(400) : Destination "\Device\0A7F33BB-0000-0000-AF1D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0201E4BB-0000-0000-421D-200000000000 "
.\debug.cpp(400) : Destination "\Device\0201E4BB-0000-0000-421D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\026001BB-0000-0000-1A0D-200000000000 "
.\debug.cpp(400) : Destination "\Device\026001BB-0000-0000-1A0D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0A8761BB-0000-0000-D20D-200000000000 "
.\debug.cpp(400) : Destination "\Device\0A8761BB-0000-0000-D20D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Point32Filter "
.\debug.cpp(400) : Destination "\Device\Point32Filter "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_104B&SUBSYS_00018086&REV_02#3&18d45aa6&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0005&SUBSYS_00211102&REV_00#4&2bf9a2b2&0&08F0#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
.\debug.cpp(400) : Destination "\Device\00000070 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISMB0C01#0000#{54585497-96cf-4d16-a0c5-a54e8a81118e} "
.\debug.cpp(400) : Destination "\Device\00000003 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SMBIOS "
.\debug.cpp(400) : Destination "\Device\SMBiosDevice0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Lbd "
.\debug.cpp(400) : Destination "\Device\Lbd "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
.\debug.cpp(400) : Destination "\Device\Mup "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15 "
.\debug.cpp(400) : Destination "\Device\NAVEX15 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched "
.\debug.cpp(400) : Destination "\Device\Psched "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0201A6BB-0000-0000-3220-000000000000 "
.\debug.cpp(400) : Destination "\Device\0201A6BB-0000-0000-3220-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7D0888B6-CF9F-46F2-A05E-6E4D049C32BB} "
.\debug.cpp(400) : Destination "\Device\NDMP4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0 "
.\debug.cpp(400) : Destination "\Device\USBFDO-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6: "
.\debug.cpp(400) : Destination "\Device\Scsi\fttxr52P1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TCP "
.\debug.cpp(400) : Destination "\Device\Tcp "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&13598519&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_104B&SUBSYS_00018086&REV_02#3&18d45aa6&0&C8#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{7D0888B6-CF9F-46F2-A05E-6E4D049C32BB} "
.\debug.cpp(400) : Destination "\Device\INTELPRO_{7D0888B6-CF9F-46F2-A05E-6E4D049C32BB} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0EBB18AB-0000-0000-3A10-000000000000 "
.\debug.cpp(400) : Destination "\Device\0EBB18AB-0000-0000-3A10-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#5&ed01d6c&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde2Channel1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bdb4f9aa-f9b0-11df-bd10-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_01&Col04#7&5d13fd9&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000094 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EMUPIA "
.\debug.cpp(400) : Destination "\Device\EMUPIA "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_4052#5&29ce6bf6&0&1#{6994ad05-93ef-11d0-a3cc-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\USBPDO-8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
.\debug.cpp(400) : Destination "\Device\USBFDO-1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0 "
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10 "
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv "
.\debug.cpp(400) : Destination "\Device\EraserCtrlDrv "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SSIDRV "
.\debug.cpp(400) : Destination "\Device\SSIDRV "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\osaio "
.\debug.cpp(400) : Destination "\Device\osaio "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000004 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
.\debug.cpp(400) : Destination "\DosDevices\LPT1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
.\debug.cpp(400) : Destination "\Device\USBFDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
.\debug.cpp(400) : Destination "\Device\00000074 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1 "
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureA1827EC3Offset7E00Length5D26F15400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\020277BB-0000-0000-DA8D-200000000000 "
.\debug.cpp(400) : Destination "\Device\020277BB-0000-0000-DA8D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0 "
.\debug.cpp(400) : Destination "\Device\CdRom0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi7: "
.\debug.cpp(400) : Destination "\Device\RaidPort0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#CNTX_VPCNETS2_MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000007 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
.\debug.cpp(400) : Destination "\Device\0000006d "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
.\debug.cpp(400) : Destination "\Device\FsWrap "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
.\debug.cpp(400) : Destination "\Device\USBFDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e099f409-440f-11dc-8f38-0019d1eb01d8} "
.\debug.cpp(400) : Destination "\Device\Floppy0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_003C#6&10485f93&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000096 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMRDR "
.\debug.cpp(400) : Destination "\Device\SYMRDR "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbMmDp32 "
.\debug.cpp(400) : Destination "\Device\MbMmDp32 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000067 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4 "
.\debug.cpp(400) : Destination "\Device\USBFDO-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\0000006e "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{34ACAA83-E362-45EF-9190-DB1E02B4EDE1} "
.\debug.cpp(400) : Destination "\Device\NDMP2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
.\debug.cpp(400) : Destination "\GLOBAL?? "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000063 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\00000008 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5 "
.\debug.cpp(400) : Destination "\Device\USBFDO-5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{76f5278e-403f-11dc-a00d-806e6f6e6963} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
.\debug.cpp(400) : Destination "\clfs "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CDB59485-1628-40C6-AE19-BEADF2A5306B} "
.\debug.cpp(400) : Destination "\Device\NDMP13 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG "
.\debug.cpp(400) : Destination "\Device\NAVENG "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000068 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73} "
.\debug.cpp(400) : Destination "\Device\00000081 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_514D8086&REV_02#3&18d45aa6&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
.\debug.cpp(400) : Destination "\Device\USBFDO-6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS2 "
.\debug.cpp(400) : Destination "\Device\VPCNetS2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX "
.\debug.cpp(400) : Destination "\Device\SRTSPX "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\87C001BB-0000-0000-4BFC-200000000000 "
.\debug.cpp(400) : Destination "\Device\87C001BB-0000-0000-4BFC-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
.\debug.cpp(400) : Destination "\Device\Secdrv "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0005&SUBSYS_00211102&REV_00#4&2bf9a2b2&0&08F0#{dda54a40-1e4c-11d1-a050-405705c10000} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000001 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\020277BB-0000-0000-C8ED-200000000000 "
.\debug.cpp(400) : Destination "\Device\020277BB-0000-0000-C8ED-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&29dfa02c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&6597e82&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0CC5AFDB-0000-0000-6C70-000000000000 "
.\debug.cpp(400) : Destination "\Device\0CC5AFDB-0000-0000-6C70-000000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HA20X2K "
.\debug.cpp(400) : Destination "\Device\HA20X2K "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000066 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318} "
.\debug.cpp(400) : Destination "\Device\00000081 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14 "
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\8F9658BB-0000-0000-183D-200000000000 "
.\debug.cpp(400) : Destination "\Device\8F9658BB-0000-0000-183D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\8576E1BB-0000-0000-803D-200000000000 "
.\debug.cpp(400) : Destination "\Device\8576E1BB-0000-0000-803D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{56D25F5F-B307-4736-9423-E0EDB2EEEA25} "
.\debug.cpp(400) : Destination "\Device\NDMP1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_01&Col02#7&5d13fd9&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000092 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0} "
.\debug.cpp(400) : Destination "\Device\00000071 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000068 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#CNTX_VPCNETS2_MP#0001#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000007 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
.\debug.cpp(400) : Destination "\Device\MountPointManager "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000062 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_00#7&29a87d9b&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000090 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1eb03cf0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000064 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi "
.\debug.cpp(400) : Destination "\Device\Nsi "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2b618780&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTPROXY "
.\debug.cpp(400) : Destination "\Device\CTPROXY "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
.\debug.cpp(400) : Destination "\Device\WANARP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{541EFF09-BA28-42D1-A0BB-9342062D7CAE} "
.\debug.cpp(400) : Destination "\Device\NDMP14 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_29A4&SUBSYS_514D8086&REV_02#3&18d45aa6&0&18#{e2d1ff34-3458-49a9-88da-8e6915ce9be5} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
.\debug.cpp(400) : Destination "\Device\PartmgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature10CB3D50Offset100000Length1D4C000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_01&Col01#7&5d13fd9&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000091 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F} "
.\debug.cpp(400) : Destination "\Device\NDMP12 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
.\debug.cpp(400) : Destination "\Device\NXTIPSEC "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_4052#5&29ce6bf6&0&1#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\USBPDO-8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
.\debug.cpp(400) : Destination "\Device\00000062 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A: "
.\debug.cpp(400) : Destination "\Device\Floppy0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
.\debug.cpp(400) : Destination "\Device\WFP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&215c35a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
.\debug.cpp(400) : Destination "\Device\USBPDO-3 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
.\debug.cpp(400) : Destination "\Device\NDMP9 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1018f6cf&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1018f6cf&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\8E5317BB-0000-0000-A62D-200000000000 "
.\debug.cpp(400) : Destination "\Device\8E5317BB-0000-0000-A62D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7170A_________________1.M1____#6&1422f850&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP4T0L0-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6 "
.\debug.cpp(400) : Destination "\Device\WANARPV6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC "
.\debug.cpp(400) : Destination "\Device\ASYNCMAC "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&326633af&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1} "
.\debug.cpp(400) : Destination "\Device\Parallel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_514D8086&REV_02#3&18d45aa6&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lirsgt "
.\debug.cpp(400) : Destination "\Device\lirsgt "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
.\debug.cpp(400) : Destination "\Device\00000098 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_003C#5&a55a344&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed} "
.\debug.cpp(400) : Destination "\Device\USBPDO-9 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MshHidNuidFilter "
.\debug.cpp(400) : Destination "\Device\MshHidNuidFilter "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTHWIUT.SYS "
.\debug.cpp(400) : Destination "\Device\CTHWIUT.SYS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0 "
.\debug.cpp(400) : Destination "\Device\1394BUS0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYMEFA "
.\debug.cpp(400) : Destination "\Device\SYMEFA "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIron "
.\debug.cpp(400) : Destination "\Device\SymIron "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000067 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010 "
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
.\debug.cpp(400) : Destination "\Device\0000006b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&6597e82&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan "
.\debug.cpp(400) : Destination "\Device\NdisWan "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd "
.\debug.cpp(400) : Destination "\Device\AscKmd "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort5 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymTDI "
.\debug.cpp(400) : Destination "\Device\SymTDI "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PWIPF6 "
.\debug.cpp(400) : Destination "\Device\pwipf6 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1 "
.\debug.cpp(400) : Destination "\Device\NamedPipe\Spooler\LPT1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH "
.\debug.cpp(400) : Destination "\Device\NDMP8 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VPCNetS2_{7D0888B6-CF9F-46F2-A05E-6E4D049C32BB} "
.\debug.cpp(400) : Destination "\Device\VPCNetS2_{7D0888B6-CF9F-46F2-A05E-6E4D049C32BB} "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice "
.\debug.cpp(400) : Destination "\Device\MPS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VMM "
.\debug.cpp(400) : Destination "\Device\VMM "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{dba43692-ad00-48aa-b1a7-ffa99a04ee17} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&36e283d0&0#{97f76ef0-f883-11d0-af1f-0000f800845c} "
.\debug.cpp(400) : Destination "\Device\00000080 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8023&SUBSYS_514D8086&REV_00#4&2bf9a2b2&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&2b618780&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\FloppyPDO0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00F9&MI_01&Col03#7&5d13fd9&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000093 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0005&SUBSYS_00211102&REV_00#4&2bf9a2b2&0&08F0#{65e8773d-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_514D8086&REV_02#3&18d45aa6&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
.\debug.cpp(400) : Destination "\Device\VolMgrControl "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C: "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature10CB3D50Offset1D4C100000Length3FD7000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD4000KD-00NAB0_____________________01.06A01#5&1998dc5b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-4 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
.\debug.cpp(400) : Destination "\Device\MailSlot "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymIDSCo "
.\debug.cpp(400) : Destination "\Device\SymIDSCo "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0E8F&PID_1022#6&7929958&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
.\debug.cpp(400) : Destination "\Device\00000095 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SND_USER_DEVICE "
.\debug.cpp(400) : Destination "\Device\SND_USER_DEVICE "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP "
.\debug.cpp(400) : Destination "\Device\SRTSP "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX "
.\debug.cpp(400) : Destination "\DosDevices\COM1 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6 "
.\debug.cpp(400) : Destination "\Device\NDMP10 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7170A_________________1.M1____#6&1422f850&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP4T0L0-0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT "
.\debug.cpp(400) : Destination " "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\020328EB-0000-0000-408D-200000000000 "
.\debug.cpp(400) : Destination "\Device\020328EB-0000-0000-408D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\0428D8AB-0000-0000-5BDC-200000000000 "
.\debug.cpp(400) : Destination "\Device\0428D8AB-0000-0000-5BDC-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv "
.\debug.cpp(400) : Destination "\Device\SstpDrv "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\atksgt "
.\debug.cpp(400) : Destination "\Device\atksgt "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio "
.\debug.cpp(400) : Destination "\Device\Ndisuio "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\0000006a "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL "
.\debug.cpp(400) : Destination "\Device\Null "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1 "
.\debug.cpp(400) : Destination "\Device\Parallel0 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
.\debug.cpp(400) : Destination "\Device\WfpAle "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
.\debug.cpp(400) : Destination "\Device\00000069 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CT20XUT.SYS "
.\debug.cpp(400) : Destination "\Device\CT20XUT.SYS "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTAC32K "
.\debug.cpp(400) : Destination "\Device\CTAC32K "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\8C8CB4BB-0000-0000-804D-200000000000 "
.\debug.cpp(400) : Destination "\Device\8C8CB4BB-0000-0000-804D-200000000000 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
.\debug.cpp(400) : Destination "\Device\00000065 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv "
.\debug.cpp(400) : Destination "\Device\EraserUtilDrv11010 "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000#5&db94b65&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
.\debug.cpp(400) : Destination "\Device\0000008b "
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTSFM2K "
.\debug.cpp(400) : Destination "\Device\CTSFM2K "
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00100000
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 372 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

broni · 2011/05/05

All looks clean, so far....

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Xd23bgt · 2011/05/05

Post 1 of 3

OTL output:
OTL logfile created on: 5/5/2011 9:18:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GOLIATH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 4.63 Gb Free Space | 3.95% Space Free | Partition Type: NTFS
Drive D: | 255.36 Gb Total Space | 14.91 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 139.32 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: SPORKO4 | User Name: GOLIATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
PRC - [2011/05/04 10:01:34 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/04/20 09:33:48 | 006,515,800 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2011/03/22 10:14:10 | 000,165,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2011/01/26 18:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 18:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/24 17:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\APPLICAT\GetRight\GetRight.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/22 18:18:54 | 001,649,152 | ---- | M] (Intel(R) Corporation) -- C:\HARDWARE\INTEL\IDU\iptray.exe
PRC - [2009/01/22 18:18:52 | 000,124,928 | ---- | M] (Intel(R) Corporation) -- C:\HARDWARE\INTEL\IDU\iduServ.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/01 21:43:08 | 000,708,608 | ---- | M] (Shaun Ivory) -- C:\GRAPHICS\PANORAMA\Panorama.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\Creative\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/02/20 15:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2008/01/19 03:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008/01/13 19:27:34 | 000,081,952 | ---- | M] () -- C:\APPLICAT\DrvGleam\DriveGLEAM105.exe
PRC - [2007/03/12 07:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 07:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/14 18:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\HARDWARE\PROMISE\WebPAM\_jvm\bin\java.exe
PRC - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () -- C:\HARDWARE\SYBA\3132-W-R\SATARaid5ConfigService.exe
PRC - [2003/09/29 08:30:08 | 000,110,592 | ---- | M] () -- C:\HARDWARE\PROMISE\WebPAM\jetty\extra\win32\Wrapper.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\Creative\DVDAudio\CTDVDDET.exe
PRC - [1998/10/02 00:13:04 | 000,069,632 | ---- | M] (Spicey Programs) -- C:\UTILITY\sc.exe
PRC - [1996/05/17 08:20:58 | 000,198,656 | ---- | M] () -- C:\APPLICAT\TRAYICON\TRAYICON.EXE

========== Modules (SafeList) ==========

MOD - [2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
MOD - [2011/04/19 01:49:30 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/19 01:49:30 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (PromiseWebPAM)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (AWService)
SRV - [2011/05/04 10:01:34 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2011/02/28 19:49:20 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/26 18:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/10/07 11:23:18 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\APPLICAT\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/05/07 22:34:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/22 18:18:52 | 000,124,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\HARDWARE\INTEL\IDU\iduServ.exe -- (IduService) Intel(R)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\DIAGS\Sandra\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/15 22:48:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\HARDWARE\SYBA\3132-W-R\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)

========== Driver Services (SafeList) ==========

DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 09:35:05 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 09:35:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110505.022\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110504.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/26 19:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/01/26 19:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 18:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 08:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/09/06 19:41:52 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/06 19:21:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 05:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/26 02:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2010/03/24 01:47:26 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/14 18:46:05 | 000,015,352 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osaio.sys -- (osaio)
DRV - [2010/01/20 23:47:54 | 000,836,384 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/29 20:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/25 16:25:22 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/22 18:18:44 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/01/15 10:15:26 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) USBCCGP filter driver (dc3d)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DIAGS\Sandra\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/10/29 22:56:04 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2008/10/29 22:56:04 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/10/29 22:56:04 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/02/25 04:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 04:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 04:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 04:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2008/02/25 04:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2008/02/25 04:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2008/02/25 04:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2008/02/25 04:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/12 16:20:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/01/12 16:20:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/07/18 05:32:14 | 000,154,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2007/05/31 10:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2007/03/12 03:59:00 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WMP54GSx86.sys -- (BCM43XX)
DRV - [2007/02/15 20:42:34 | 000,155,032 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\fttxr52p.sys -- (fttxr52P)
DRV - [2006/12/28 06:57:00 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2006/11/07 17:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2003/11/03 11:39:10 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm "
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm "
FF - prefs.js..browser.search.param.yahoo-type: "${8} "
FF - prefs.js..extensions.enabledItems: cards@clav.mozdev.org:0.98
FF - prefs.js..extensions.enabledItems: ErrorZillaMod@jaybaldwin:0.41
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: goup@clav.mozdev.org:1.0
FF - prefs.js..extensions.enabledItems: hashcolouredtabs@bristol.ac.uk:0.4.23
FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.4.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {2485990f-d3b0-4e57-bd0f-5abdffa70773}:1.4.8
FF - prefs.js..extensions.enabledItems: {31822e53-540b-415c-94cd-d8ff2b143a8e}:0.3.4
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {3474c305-9dad-11d8-9207-00055d74c2e4}:0.4.2
FF - prefs.js..extensions.enabledItems: {349ce370-12e8-11d9-9669-0800200c9a66}:0.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {3acc3b91-1e3c-4d0d-aefe-f82dead71816}:1.2.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {5A32C460-12D9-11D9-9669-0800200C9A66}:0.2.4
FF - prefs.js..extensions.enabledItems: {5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}:1.6.4
FF - prefs.js..extensions.enabledItems: {5ed572bf-9878-43b3-be69-feb67cb4080e}:0.9.5.0
FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
FF - prefs.js..extensions.enabledItems: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12}:2.0.2011040501
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: {68E5DD30-A659-4987-99F9-EAF21F9D4140}:3.0t3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0
FF - prefs.js..extensions.enabledItems: {8B41860E-5D30-4e96-BB09-CE22F491A481}:0.6.8.4
FF - prefs.js..extensions.enabledItems: {8e117890-a33f-424b-a2ea-deb272731365}:0.2.0.20060116
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {909409b9-2e3b-4682-a5d1-71ca80a76456}:0.2.1.031
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {99ec6690-8bb1-11da-a72b-0800200c9a66}:0.3
FF - prefs.js..extensions.enabledItems: {9b84cce7-a817-45d7-865e-9e6e8da1c388}:1.0.6
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.21
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {af5b81c7-2587-4206-8b57-41e384facaba}:1.9
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2011050202
FF - prefs.js..extensions.enabledItems: {cd2b821e-19f9-40a7-ac5c-08d6c197fc43}:0.8.6
FF - prefs.js..extensions.enabledItems: {CE49E315-575E-44df-8E4B-A8CD28A48B9D}:0.4.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d176c86a-1eac-2cce-1757-bc0dbc6c526c}:0.993
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {D580BE35-9342-4622-A635-08F640066C97}:1.4.2
FF - prefs.js..extensions.enabledItems: {e22068c8-faf8-4620-b0d6-e2811a82e84b}:3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {e3a1bec3-1cc1-4d20-875b-a10587471a5e}:0.8.2
FF - prefs.js..extensions.enabledItems: {ea702e71-fcda-4c39-93bb-fea2b543b58c}:0.7.0.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {f65bf62a-5ffc-4317-9612-38907a779583}:1.3.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}:0.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: apollo@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: icandyjr@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: neptune@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - prefs.js..extensions.enabledItems: {26bf010a-c934-4f38-868d-e8419d9e82ff}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}:1.8.72
FF - prefs.js..extensions.enabledItems: {86b1f2a0-1790-11db-ac5d-0800200c9a66}:2.4.4
FF - prefs.js..extensions.enabledItems: {88060a48-addf-4060-87db-c9aec3e5615a}:1.5.915
FF - prefs.js..extensions.enabledItems: {9dd2ef0a-f6f2-4f54-ad61-611181226d56}:2.0.0.6
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {ded0fc70-7215-4802-afeb-b2982d3e7225}:3.6
FF - prefs.js..extensions.enabledItems: {E800A8D5-6B36-4854-9F21-443F8CBFF835}:2.0.3
FF - prefs.js..extensions.enabledItems: {FD40BF8D-5859-4f95-866A-F59FF99ECF59}:2.6
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/12 16:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/09/06 19:57:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/09/06 19:31:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\APPLICAT\Firefox\components [2011/05/04 10:27:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\APPLICAT\Firefox\plugins [2011/05/04 10:27:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\APPLICAT\SeaMonkey\components [2011/04/29 11:01:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\APPLICAT\SeaMonkey\plugins [2011/04/29 11:01:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender2008\tbextension

[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Extensions
[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2007/08/12 05:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\1o01ngee.default\extensions
[2011/05/04 10:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions
[2009/07/25 15:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/09/14 20:07:00 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010/02/14 00:34:26 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
[2010/07/17 13:22:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/15 21:46:40 | 000,000,000 | ---D | M] (mozImage) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{2485990f-d3b0-4e57-bd0f-5abdffa70773}
[2007/10/20 09:11:04 | 000,000,000 | ---D | M] ( "Doodle Plastik ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{26bf010a-c934-4f38-868d-e8419d9e82ff}
[2007/08/14 13:22:18 | 000,000,000 | ---D | M] (Popup Count) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{31822e53-540b-415c-94cd-d8ff2b143a8e}
[2007/08/14 12:29:03 | 000,000,000 | ---D | M] ( "Adblock ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2007/08/14 12:30:54 | 000,000,000 | ---D | M] (Bookmark Backup) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
[2007/08/14 13:21:24 | 000,000,000 | ---D | M] ( "Print It! ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{349ce370-12e8-11d9-9669-0800200c9a66}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2007/08/14 12:39:17 | 000,000,000 | ---D | M] ( "Extended Link Properties ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3acc3b91-1e3c-4d0d-aefe-f82dead71816}
[2010/11/04 19:52:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/14 00:40:19 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2007/08/14 12:48:48 | 000,000,000 | ---D | M] ( "Gcache ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
[2009/07/25 15:32:09 | 000,000,000 | ---D | M] (Fetch Text URL) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "View formatted source ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5ed572bf-9878-43b3-be69-feb67cb4080e}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "Stop-or-Reload Button ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] ( "Popup ALT Attribute ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2008/09/15 22:07:21 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2010/11/04 19:52:25 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2011/05/04 10:21:49 | 000,000,000 | ---D | M] (LastTab) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}
[2011/05/04 10:24:42 | 000,000,000 | ---D | M] ( "Nautipolis for Firefox ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
[2011/05/04 10:24:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/25 15:21:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/04 10:21:46 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( ""glowyblue" ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2007/10/20 09:11:09 | 000,000,000 | ---D | M] ( "Phoenity ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{88060a48-addf-4060-87db-c9aec3e5615a}
[2007/10/20 09:11:03 | 000,000,000 | ---D | M] ( "Bookmarks LinkChecker ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
[2007/08/14 13:07:48 | 000,000,000 | ---D | M] ( "Mozilla Calendar ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8e117890-a33f-424b-a2ea-deb272731365}
[2010/07/17 13:23:00 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2007/08/14 13:25:44 | 000,000,000 | ---D | M] ( "SessionSaver .2 ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2010/02/14 00:40:35 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/02/14 00:40:38 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "Unread Tabs ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{99ec6690-8bb1-11da-a72b-0800200c9a66}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] (Neo Diggler) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9b84cce7-a817-45d7-865e-9e6e8da1c388}
[2007/10/20 09:11:04 | 000,000,000 | ---D | M] ( "Doodle Classic ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9dd2ef0a-f6f2-4f54-ad61-611181226d56}
[2010/04/03 21:09:31 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/05/04 10:21:31 | 000,000,000 | ---D | M] (Calculator) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] ( "OpenBook ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2010/02/14 00:40:39 | 000,000,000 | ---D | M] (Bork Bork Bork!) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{af5b81c7-2587-4206-8b57-41e384facaba}
[2011/05/04 10:24:51 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( "FLST ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{cd2b821e-19f9-40a7-ac5c-08d6c197fc43}
[2007/08/14 13:24:32 | 000,000,000 | ---D | M] ( "Show Image ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{CE49E315-575E-44df-8E4B-A8CD28A48B9D}
[2011/05/04 10:21:30 | 000,000,000 | ---D | M] ( "CoolPreviews ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] (XE.com Universal Currency Converter ®) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{d176c86a-1eac-2cce-1757-bc0dbc6c526c}
[2011/05/04 10:21:28 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( "MAB ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{D580BE35-9342-4622-A635-08F640066C97}
[2010/02/14 00:33:47 | 000,000,000 | ---D | M] (Aeon) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2008/09/15 21:40:07 | 000,000,000 | ---D | M] (NeedleSearch) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
[2009/09/14 19:24:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2007/10/20 09:11:09 | 000,000,000 | ---D | M] ( "Preferential ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
[2007/08/14 03:37:18 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2007/08/14 13:24:58 | 000,000,000 | ---D | M] (Sort Bookmarks) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
[2011/05/04 10:21:14 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011/05/04 10:24:51 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/02/14 00:41:16 | 000,000,000 | ---D | M] ( "infoRSS ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
[2011/05/04 10:21:08 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2008/11/09 14:58:55 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/03/28 15:28:23 | 000,000,000 | ---D | M] (FormalGnome) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FD40BF8D-5859-4f95-866A-F59FF99ECF59}
[2007/08/14 13:27:58 | 000,000,000 | ---D | M] ( "Wayback ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
[2010/02/14 00:34:06 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2009/07/25 15:54:40 | 000,000,000 | ---D | M] (Apollo) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us
[2007/10/20 09:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\cards@clav.mozdev.org
[2011/05/04 10:22:14 | 000,000,000 | ---D | M] (ErrorZilla Mod) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\ErrorZillaMod@jaybaldwin
[2011/05/04 10:22:09 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\firebug@software.joehewitt.com
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\goup@clav.mozdev.org
[2010/04/03 21:09:10 | 000,000,000 | ---D | M] (HashColouredTabs+) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\hashcolouredtabs@bristol.ac.uk
[2009/07/25 15:11:24 | 000,000,000 | ---D | M] (iCandy Junior) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us
[2010/02/14 00:40:18 | 000,000,000 | ---D | M] (Launchy) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\launchy@gemal.dk
[2009/07/25 15:11:51 | 000,000,000 | ---D | M] (Neptune) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us
[2010/04/03 21:09:37 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\noia2_option@kk.noia
[2009/02/11 21:54:52 | 000,000,000 | ---D | M] ( "Broadband Speed Test and Diagnostics ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\speedtest@gotomyhelp.com
[2009/07/25 15:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\mozapps\extensions
[2009/07/25 15:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\mozapps\extensions
[2009/07/25 15:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\mozapps\extensions
[2011/05/04 10:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions
[2010/07/01 22:37:38 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/01/09 13:21:22 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/01/09 13:26:52 | 000,000,000 | ---D | M] (Preferential) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
[2011/04/16 18:34:14 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/01/09 13:22:35 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/05/04 10:18:59 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\coralietab@mozdev.org
[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\SeaMonkey\Profiles\m9fdspen.default\extensions
[2010/10/07 10:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/27 15:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/04/12 16:28:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2010/09/06 19:31:44 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/06 19:57:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN

Hosts file not found
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\APPLICAT\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\HARDWARE\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ipTray.exe] C:\HARDWARE\INTEL\IDU\ipTray.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\HARDWARE\Creative\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-770899019-1359692399-3537158434-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-770899019-1359692399-3537158434-1000..\Run: [DriveGLEAM] C:\APPLICAT\DrvGleam\DriveGLEAM105.exe ()
O8 - Extra context menu item: Download with GetRight - C:\APPLICAT\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\APPLICAT\GetRight\GRBrowse.htm ()
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\APPLICAT\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\APPLICAT\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLICAT\MSOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1303237921162 (MUCatalogWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

Xd23bgt · 2011/05/05

Post 2 of 3 (OTL continued)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\APPLICAT\QuickBooks2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\GOLIATH\Documents\Melissa\cf8768ea-be8d-4132-b14a-67b9c2e9cda7.jpg
O24 - Desktop BackupWallPaper: C:\Users\GOLIATH\Documents\Melissa\cf8768ea-be8d-4132-b14a-67b9c2e9cda7.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\Shell - " " = AutoRun
O33 - MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -a
O33 - MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\Shell - " " = AutoRun
O33 - MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\Shell\AutoRun\command - " " = G:\LaunchU3.exe
O33 - MountPoints2\G\Shell - " " = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - msh263.drv File not found
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 21:16:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
[2011/05/05 00:41:07 | 000,000,000 | --SD | C] -- C:\jacksprat
[2011/05/05 00:40:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/05 00:12:37 | 000,000,000 | --SD | C] -- C:\maxsmyth
[2011/05/04 22:31:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/04 22:31:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/04 22:31:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/04 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/04 22:29:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/04 13:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programming
[2011/05/03 22:50:08 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Roaming\Malwarebytes
[2011/05/03 22:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/03 22:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/03 22:49:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 22:34:34 | 000,000,000 | -HSD | C] -- C:\Users\GOLIATH\Documents\%APPDATA%
[2011/04/28 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Local\CutePDF Writer
[2011/04/28 22:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/04/28 22:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/04/27 15:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/20 14:28:47 | 000,000,000 | ---D | C] -- C:\TMP2
[2011/04/20 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software
[2011/04/20 12:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup Software
[2011/04/18 23:36:43 | 001,563,024 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Roaming\Webroot
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
[2011/05/05 19:38:43 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 19:38:43 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 11:00:04 | 000,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job
[2011/05/05 09:46:26 | 000,607,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 09:46:26 | 000,106,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 09:38:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 09:38:34 | 3485,220,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 01:35:50 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/05 01:35:50 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXState-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/05 01:35:50 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/04 10:00:39 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/05/03 22:40:12 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - GOLIATH - Full System Scan.job
[2011/04/20 14:00:31 | 000,157,696 | ---- | M] () -- C:\Users\GOLIATH\AppData\Roaming\SharedSettings.ccs
[2011/04/20 09:34:48 | 001,563,024 | ---- | M] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2011/04/19 02:05:00 | 000,423,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/18 23:46:31 | 000,317,191 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 00:32:15 | 3485,220,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/04 22:31:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/04 22:31:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/04 22:31:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/04 22:31:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/04 22:31:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 22:31:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/04/18 23:46:25 | 000,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2011/01/04 17:40:08 | 000,001,940 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/20 22:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 12:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/30 14:56:29 | 000,000,089 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/11 20:27:17 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/05/13 21:26:44 | 000,157,696 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\SharedSettings.ccs
[2010/05/13 21:23:56 | 000,000,192 | ---- | C] () -- C:\Windows\System32\xpysys.dll
[2010/01/09 14:29:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/09 14:29:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/11 15:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/11/29 19:19:28 | 000,000,025 | ---- | C] () -- C:\Windows\OUTSTACKER.INI
[2009/08/19 18:34:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/25 22:11:39 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/04/11 15:12:42 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/02/17 22:09:04 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/02/17 20:08:38 | 008,507,392 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/12/28 21:24:49 | 000,516,505 | ---- | C] () -- C:\Windows\C.O.R.E. Uninstaller.exe
[2008/10/10 23:20:44 | 000,000,107 | ---- | C] () -- C:\Windows\System32\apsett.ini
[2008/09/30 20:38:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/16 19:41:56 | 001,746,360 | ---- | C] () -- C:\Windows\System32\CTAA1.DAT
[2008/07/14 19:30:55 | 000,022,328 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PnkBstrK.sys
[2008/07/14 19:30:39 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/07/11 15:40:54 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/07/11 15:40:54 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2008/04/10 09:07:33 | 000,691,545 | ---- | C] () -- C:\Windows\unins000.exe
[2008/04/10 09:07:33 | 000,002,541 | ---- | C] () -- C:\Windows\unins000.dat
[2008/02/20 16:00:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2008/02/20 15:58:46 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2008/02/20 15:46:20 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2008/02/20 15:44:34 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2008/02/20 15:44:26 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2008/02/20 15:44:26 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2008/02/20 15:44:10 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2008/02/20 15:44:10 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2008/01/12 16:13:21 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/01/12 16:13:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/12/09 10:29:48 | 000,000,119 | ---- | C] () -- C:\Windows\civ.ini
[2007/12/08 07:12:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/08 07:12:18 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2007/12/08 07:12:11 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2007/10/14 08:11:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/10/02 07:16:32 | 000,061,678 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PFP110JPR.{PB
[2007/10/02 07:16:32 | 000,012,358 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PFP110JCM.{PB
[2007/09/30 13:14:50 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2007/09/27 10:24:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/09/27 10:24:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/09/27 10:24:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/09/26 19:44:12 | 000,000,501 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/09/24 14:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2007/09/24 11:31:05 | 000,000,000 | ---- | C] () -- C:\Windows\ins.INI
[2007/09/23 14:50:23 | 000,000,785 | ---- | C] () -- C:\Windows\DR2.ini
[2007/09/15 04:51:11 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2007/09/11 18:03:04 | 000,047,109 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/09/11 17:42:52 | 000,029,384 | ---- | C] () -- C:\Windows\scunin.dat
[2007/09/11 06:40:58 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/09/11 03:49:39 | 000,000,095 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\fusioncache.dat
[2007/09/10 12:58:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/09/10 11:25:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2007/09/10 05:49:39 | 000,000,767 | ---- | C] () -- C:\Windows\BZII.INI
[2007/09/10 04:29:49 | 000,000,489 | ---- | C] () -- C:\Windows\Disney.ini
[2007/09/10 04:29:42 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2007/09/09 18:22:54 | 000,000,676 | ---- | C] () -- C:\Windows\EReg072.dat
[2007/09/02 09:19:22 | 000,000,799 | ---- | C] () -- C:\Windows\CoDUO.INI
[2007/09/02 09:10:34 | 000,000,754 | ---- | C] () -- C:\Windows\CoD.INI
[2007/08/22 14:20:16 | 000,002,333 | ---- | C] () -- C:\Windows\eReg.dat
[2007/08/18 05:35:40 | 000,049,152 | ---- | C] () -- C:\Windows\Iniexpander.exe
[2007/08/18 05:30:21 | 000,000,228 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/08/13 15:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007/08/13 08:40:40 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/13 08:40:21 | 000,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2007/08/13 08:40:18 | 000,005,395 | ---- | C] () -- C:\Windows\mozver.dat
[2007/08/10 03:17:50 | 000,000,219 | ---- | C] () -- C:\Windows\RomeTW.ini
[2007/08/07 08:38:29 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2007/08/07 08:29:35 | 000,023,552 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/07 07:38:15 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/08/07 06:42:38 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007/08/07 06:42:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/08/07 06:38:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/01 11:07:52 | 000,001,356 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\d3d9caps.dat
[2007/07/25 22:53:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/07/25 22:49:28 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/22 21:33:00 | 000,516,096 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,423,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,020 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,018 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/07/20 12:31:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\_inmm.dll
[2003/02/07 14:31:48 | 000,000,260 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI

========== LOP Check ==========

[2010/10/22 23:17:47 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\.minecraft
[2009/08/14 00:48:58 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\.purple
[2008/01/12 16:20:53 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Ascaron Entertainment
[2007/11/25 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Bioshock
[2009/02/11 11:59:34 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\BitDefender
[2007/11/18 14:27:11 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Bluecave Software
[2011/04/20 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\CoffeeCup Software
[2010/02/14 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Facebook
[2010/06/12 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\FreeAudioPack
[2009/03/15 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\gtk-2.0
[2007/08/09 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\JGsoft
[2007/08/10 12:08:45 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Leadertech
[2007/08/31 18:05:55 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\LucasArts
[2009/10/09 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Battle for Middle-earth Files
[2007/12/14 12:42:14 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2007/08/07 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Games
[2007/12/16 07:18:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2009/12/11 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\PACE Anti-Piracy
[2007/08/31 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Petroglyph
[2010/08/27 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\PolyView
[2007/11/10 09:23:02 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Seven Zip
[2007/08/13 17:08:53 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Smart Recorder
[2010/02/14 00:20:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\SystemRequirementsLab
[2011/02/28 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\The Creative Assembly
[2011/05/05 01:35:29 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/05 11:00:04 | 000,001,684 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/05/05 09:38:31 | 000,072,124 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/08/01 20:54:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | -H-- | M] () -- C:\config.sys
[2011/05/05 09:38:34 | 3485,220,864 | -HS- | M] () -- C:\hiberfil.sys
[2007/08/10 15:52:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/10 15:52:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/05 09:38:32 | 3800,985,600 | -HS- | M] () -- C:\pagefile.sys
[2007/08/14 15:01:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2007/08/14 15:01:25 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2011/05/05 19:32:23 | 000,071,948 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_05.05.2011_19.31.12_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/09 14:51:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2007/02/02 19:01:22 | 000,022,951 | ---- | M] () -- C:\Windows\System32\V0420PC.jpg

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/21 16:16:26 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/08/01 20:53:39 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/08/01 20:53:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/08/01 20:53:39 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/08/01 20:54:11 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/08/01 20:54:17 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/19 19:01:17 | 000,000,286 | -HS- | M] () -- C:\Users\GOLIATH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2007/09/11 06:52:24 | 000,004,544 | ---- | M] () -- C:\Windows\AppPatch\Custom\{119f7269-5981-4a23-b392-c35d2fc0a1ae}.sdb
[2004/07/11 15:50:28 | 000,001,554 | ---- | M] () -- C:\Windows\AppPatch\Custom\{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/02/14 18:48:42 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/02/14 18:48:12 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/02/14 18:48:12 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/02/14 18:48:12 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/02/14 18:48:11 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/02/14 18:48:12 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/19 19:55:54 | 000,000,597 | ---- | M] () -- C:\Users\GOLIATH\Favorites\Backups.lnk
[2009/08/19 19:55:54 | 000,000,504 | ---- | M] () -- C:\Users\GOLIATH\Favorites\Databases.lnk
[2007/08/17 14:20:36 | 000,000,402 | -HS- | M] () -- C:\Users\GOLIATH\Favorites\desktop.ini
[2009/08/19 19:55:54 | 000,000,504 | ---- | M] () -- C:\Users\GOLIATH\Favorites\Documents.lnk
[2009/08/19 19:55:54 | 000,000,721 | ---- | M] () -- C:\Users\GOLIATH\Favorites\Macros.lnk
[2009/08/19 19:55:54 | 000,000,510 | ---- | M] () -- C:\Users\GOLIATH\Favorites\Spreadsheets.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/12/11 15:54:40 | 008,507,392 | ---- | M] () -- C:\ProgramData\sandra.mda
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
C.O.R.E. Uninstaller.exe
Uninstall Jade Empire.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 04:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1999/09/10 07:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras output:
OTL Extras logfile created on: 5/5/2011 9:18:35 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GOLIATH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 4.63 Gb Free Space | 3.95% Space Free | Partition Type: NTFS
Drive D: | 255.36 Gb Total Space | 14.91 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 139.32 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: SPORKO4 | User Name: GOLIATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-770899019-1359692399-3537158434-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = SeaMonkeyHTML] -- C:\APPLICAT\SeaMonkey\seamonkey.exe (mozilla.org)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\APPLICAT\EditPadLite\EditPadLite.exe (Just Great Software)
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\APPLICAT\MSOffice\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\APPLICAT\MSOffice\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mcZipDir] -- ".\Editor\FileSystemPacker\FileSystemPacker.exe" "%1 "
Directory [OneNote.Open] -- C:\APPLICAT\MSOffice\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\APPLICAT\IE7Pro\MiniDM.exe" = C:\APPLICAT\IE7Pro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095F0261-DB6B-47A4-936D-26152A1D07A8}" = lport=rpc | protocol=6 | dir=in | app=c:\diags\sandra\wnt500x86\rpcsandrasrv.exe |
"{61EEAF85-5C74-45AC-A4FB-0BDF078B016E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95E7CFB8-C41C-4042-B1FB-18D1D1201653}" = lport=2869 | protocol=6 | dir=in | name=upnp framework |
"{A11515A8-8FC4-4E25-B3B4-C348C751C78B}" = lport=1900 | protocol=17 | dir=in | name=upnp framework |
"{BB13CADC-E275-4D5B-AC23-B0603737F77F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CE2F622E-7099-4E0B-9981-C041BB5AC6A3}" = lport=rpc | protocol=6 | dir=in | app=c:\diags\sandra\rpcagentsrv.exe |
"{D703D9F4-BD08-4FEA-A4E8-55F6B7FFEB8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E87952E2-E7B7-409A-827A-ADACEE26CD60}" = lport=rpc | protocol=6 | dir=in | app=c:\diags\sandra\wnt500x86\rpcsandrasrv.exe |
"{F9B849D0-FB19-4777-8853-5D0DAEE24429}" = lport=17567 | protocol=17 | dir=in | name=punkbuster - bf2142 |
"{FD5949F5-FFD5-4FEB-9F3D-111B56DC0CBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCC9E23-FBBD-46C8-B62D-11A32409FB1F}" = protocol=17 | dir=in | app=d:\games\civ4\civilization4.exe |
"{120A74A2-7FB3-4180-84CE-81A895EB2EB8}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{1352551A-69D6-460C-B266-AFB5E32F13F7}" = protocol=6 | dir=in | app=c:\applicat\yahoo\yahoomessenger.exe |
"{13DC5D64-3080-42A1-8D78-4489D3765F46}" = protocol=17 | dir=in | app=d:\games\sweaw\foc\swfoc.exe |
"{1ACBC6A2-06FC-4F71-BDEC-6F496A371336}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{1B551D7A-6CC8-4ACB-B4F9-B177745172C9}" = protocol=6 | dir=in | app=d:\games\sweaw\gamedata\sweaw.exe |
"{24E175DC-EE7B-488B-B506-9528D5EAB740}" = protocol=6 | dir=in | app=d:\games\civ4\beyond the sword\civ4beyondsword.exe |
"{2A3BE21E-6F5E-4D6E-8F7D-92F5B5301F92}" = protocol=6 | dir=in | app=d:\games\civ4\warlords\civ4warlords.exe |
"{33BB645F-847E-409D-A6EF-FEC603922A88}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{342EC115-CFFF-447C-867F-B6C2249AF83B}" = protocol=17 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"{380BEF86-B127-4128-AB78-14B60473124F}" = protocol=17 | dir=in | app=c:\applicat\teamspeakclient\teamspeak.exe |
"{3B30F100-4978-4E7A-82FE-D9593AF1863C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{41A94A60-8702-4DF9-BA69-2F9E1EB94D3F}" = protocol=17 | dir=in | app=d:\games\lotr-bfme2\rotwk\game.dat |
"{42E60B9D-00FA-4CAF-BE4A-A5AA642319AF}" = protocol=17 | dir=in | app=c:\applicat\msoffice\office12\onenote.exe |
"{4576D89D-6EE6-441E-A2DD-AEE9B0A35551}" = protocol=6 | dir=in | app=d:\games\sweaw\foc\swfoc.exe |
"{495D00F5-93BE-4076-AB4C-AFBBC3DBEB7D}" = protocol=6 | dir=in | app=d:\games\civ4\warlords\civ4warlords_pitboss.exe |
"{4991B7B2-22A0-451A-AFD7-219D471FC9C6}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{4B20344F-44F6-4332-A78B-0416B683CD9A}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{5327CD1D-CC0D-4CA6-9C6F-C7E56E627117}" = protocol=17 | dir=in | app=c:\applicat\yahoo\yserver.exe |
"{545D1127-E532-4FB2-9642-568F45329FC5}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{5B150596-A3B6-4379-A96F-E2735BA6E308}" = protocol=17 | dir=in | app=c:\windows\system32\ping.exe |
"{61EA29EE-1109-406B-BB69-AEAC1F0AB5C1}" = protocol=17 | dir=in | app=d:\games\sweaw\gamedata\sweaw.exe |
"{710598F0-B683-4594-836D-58AF22B58672}" = protocol=6 | dir=in | app=d:\games\lotr-bfme2\game.dat |
"{7159CA3D-D50C-4D82-B4C4-781490931F25}" = protocol=6 | dir=in | app=c:\applicat\msoffice\office12\onenote.exe |
"{7604E8C1-F55C-416D-B2C0-19139CABAE20}" = protocol=17 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{772806C4-6980-4495-B4DC-1092A3866A20}" = dir=in | app=c:\applicat\skype\phone\skype.exe |
"{7CEB1011-ACCF-482F-B82F-4621176EE0E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7E210B01-D470-45D6-A5F5-FEA9E9B5486F}" = protocol=6 | dir=in | app=d:\games\ut2004\system\ut2004.exe |
"{804ECC32-151D-499F-BAD1-233EB58B8E1D}" = protocol=17 | dir=in | app=d:\games\civ4\beyond the sword\civ4beyondsword.exe |
"{86221669-B603-47F0-8392-D4561358A2F8}" = protocol=17 | dir=in | app=d:\games\smrailroads!\railroads.exe |
"{877A4136-5FC9-40FC-B16D-D60AE300CF8E}" = protocol=6 | dir=in | app=d:\games\bf2142\bf2142.exe |
"{8A1324FD-0325-4234-A553-1944D473A879}" = protocol=17 | dir=in | app=c:\applicat\yahoo\yahoomessenger.exe |
"{8D821A93-07BF-49FF-83C1-87E83935F093}" = protocol=6 | dir=in | app=c:\hardware\intel\idu\intelmain.exe |
"{8FCFA062-8D8E-4255-8884-468BC76B1793}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\empire total war\empire.exe |
"{903EE408-0242-4649-8AEF-8B4F21BF0BF6}" = protocol=17 | dir=in | app=d:\games\risefall\riseandfall.exe |
"{98194939-6851-4F88-A818-7D749DEF2AFF}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysisdedicatedserver.exe |
"{9978589E-BC96-4CF6-8A1C-F58CB0823C60}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9B64B2F5-A16B-4BC0-A151-7241A34695B6}" = protocol=17 | dir=in | app=d:\games\bf2142\bf2142.exe |
"{A1360DFD-AD73-41E2-AA78-0CB412C0EFC3}" = protocol=17 | dir=in | app=c:\hardware\intel\idu\iptray.exe |
"{A7D6CCEF-136A-4F10-AB21-222504DE7EA5}" = protocol=6 | dir=in | app=c:\applicat\yahoo\yserver.exe |
"{ABE29C52-11AD-4F74-811D-D4D3ED5764C9}" = protocol=6 | dir=in | app=d:\games\ut3\binaries\ut3.exe |
"{AED35A6F-B4DA-44E0-87DD-2595FD837FC7}" = protocol=17 | dir=in | app=d:\games\ut3\binaries\ut3.exe |
"{B49515DF-69C6-4A02-9DCA-8F76162A55FC}" = protocol=6 | dir=in | app=c:\hardware\intel\idu\iptray.exe |
"{BA17E5BC-EC4B-4447-901D-ECCA5104C0DE}" = protocol=6 | dir=in | app=d:\games\risefall\riseandfall.exe |
"{BBF9218D-3474-4F96-BC4E-28DED9FCD383}" = protocol=17 | dir=in | app=d:\games\lotr-bfme2\game.dat |
"{C300C9EE-221A-4AA6-B00C-D0FC4BEC87E0}" = protocol=17 | dir=in | app=d:\games\civ4\warlords\civ4warlords.exe |
"{C339B78C-2601-4E5F-AE04-FB5E40C00DEB}" = protocol=17 | dir=in | app=d:\games\lotr-bfme\game.dat |
"{C615CD29-9813-4E49-AA95-854FE9E2FB27}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CEC23471-761E-4E70-9133-72E9E432938C}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{D03408B8-D29E-4B28-B59D-EDA0A739D0CB}" = protocol=6 | dir=in | app=d:\games\lotr-bfme2\rotwk\game.dat |
"{D261F542-A4C0-4121-9F48-8619546B13A3}" = protocol=6 | dir=in | app=d:\games\crysis\bin32\crysis.exe |
"{D83751E5-5FD1-44F4-B973-FDD27F882DB2}" = protocol=6 | dir=in | app=c:\applicat\teamspeakclient\teamspeak.exe |
"{E298D360-725F-4551-B2D8-FB9DBF20DD15}" = protocol=6 | dir=in | app=d:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe |
"{E51DB0C8-B5E6-4BED-9D90-1CB5E8D0373D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{E7B03325-9436-4C3F-A7F1-9759AD9AFB67}" = protocol=6 | dir=in | app=d:\games\smrailroads!\railroads.exe |
"{E93B848F-5076-416A-B5E2-4A3351E74086}" = protocol=17 | dir=in | app=c:\hardware\intel\idu\intelmain.exe |
"{ECAAFBEA-55ED-407B-BD3F-C7F4AFA502E8}" = protocol=17 | dir=in | app=d:\games\civ4\warlords\civ4warlords_pitboss.exe |
"{EDBB0D53-F357-4D2F-9A1C-4843E0F8F66D}" = protocol=6 | dir=in | app=c:\windows\system32\ping.exe |
"{EF689104-1B37-49DC-9394-7D6BCE56BDA2}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\total war shogun 2 demo\shogun2.exe |
"{EF8A5E08-A6CA-449F-A250-A9719EA3703E}" = protocol=17 | dir=in | app=d:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe |
"{F6B70076-06C0-4DCC-A669-7D8F2FB22404}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F6F47227-DEAB-4CC2-90DB-EFF5357C0010}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F8556496-ED2D-42AC-A723-D8430B2AE06B}" = protocol=6 | dir=in | app=d:\games\lotr-bfme\game.dat |
"{FD132F0A-8896-4F16-A2B6-9B62A992306C}" = protocol=6 | dir=in | app=d:\games\civ4\civilization4.exe |
"TCP Query User{08B3BE60-25F3-4E81-AA97-0E94C28F0969}D:\games\starwarsbf2\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=d:\games\starwarsbf2\gamedata\battlefrontii.exe |
"TCP Query User{1E3CDB28-7E3D-4ADA-A679-0A97AE769276}D:\games\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=d:\games\ravenshield\system\ravenshield.exe |
"TCP Query User{23B66D55-844C-4BC3-8D61-ECD397FD4981}C:\applicat\opera\opera.exe" = protocol=6 | dir=in | app=c:\applicat\opera\opera.exe |
"TCP Query User{2609327A-77B4-489E-A55C-FE6B1145BB41}C:\applicat\yahoo\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\applicat\yahoo\yahoomessenger.exe |
"TCP Query User{3402C3A1-6095-4B72-A7A8-14E67799C537}D:\games\aoe2\empires2.icd" = protocol=6 | dir=in | app=d:\games\aoe2\empires2.icd |
"TCP Query User{3709CAD9-0154-46CE-9577-250AEEED35A8}D:\games\portsofcall\pocxxl\pocxxl\bin\pocxxl.exe" = protocol=6 | dir=in | app=d:\games\portsofcall\pocxxl\pocxxl\bin\pocxxl.exe |
"TCP Query User{3FED9CF6-A596-45A9-8137-02DC7FB1B69E}C:\applicat\getright\getright.exe" = protocol=6 | dir=in | app=c:\applicat\getright\getright.exe |
"TCP Query User{45607553-A177-41C9-B456-1F1FC65110D6}D:\games\bf1942\bf1942.exe" = protocol=6 | dir=in | app=d:\games\bf1942\bf1942.exe |
"TCP Query User{610063FF-221B-49D9-A0AE-6F99F8EAC695}C:\applicat\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\applicat\firefox\firefox.exe |
"TCP Query User{6B6FDE03-2ABA-4D03-B692-582CA4ED08D6}C:\applicat\seamonkey\seamonkey.exe" = protocol=6 | dir=in | app=c:\applicat\seamonkey\seamonkey.exe |
"TCP Query User{81F7D5AA-9592-426A-A290-BA322B4C2E36}C:\users\goliath\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\goliath\appdata\local\temp\nero web\setupxu.exe |
"TCP Query User{841898DF-27FD-4D5B-8C84-CACBAD68C636}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{93085C0B-7C54-4606-8D40-038C492C9E20}D:\games\heroes5\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes5\heroes of might and magic v\bin\h5_game.exe |
"TCP Query User{A17AC7FE-F2CB-46AC-8800-04DA820FA584}D:\games\heroes5\heroes of might and magic v\tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes5\heroes of might and magic v\tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"TCP Query User{AA38F1DC-980E-4BE6-AE27-EBA46FE251B2}D:\games\heroes5\heroes of might and magic v\bina1\h5_game.exe" = protocol=6 | dir=in | app=d:\games\heroes5\heroes of might and magic v\bina1\h5_game.exe |
"TCP Query User{ABBB9FAA-D318-4977-8CC8-215836E29047}C:\graphics\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\graphics\realplayer\realplay.exe |
"TCP Query User{C65FC806-095D-4CC3-BB2E-9F707AFC1F68}D:\games\silverfalldemo\silverfall.exe" = protocol=6 | dir=in | app=d:\games\silverfalldemo\silverfall.exe |
"TCP Query User{C7A4962A-C399-4C84-B254-B408963DA2D4}D:\games\re-volt\rev.exe" = protocol=6 | dir=in | app=d:\games\re-volt\rev.exe |
"TCP Query User{C9962F12-C202-4420-BD91-3D64A97D47AD}D:\games\heroes3\heroes3.exe" = protocol=6 | dir=in | app=d:\games\heroes3\heroes3.exe |
"TCP Query User{CA7FDA85-FF1A-4773-8A86-AA2D990D6DF5}D:\games\warcraft3\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft3\war3.exe |
"TCP Query User{CE4CE925-D1FF-4A78-9E77-CC207AC519DF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D475CB4C-22C2-4B1D-9386-0429D6A4CB74}D:\games\madden2005\updater.exe" = protocol=6 | dir=in | app=d:\games\madden2005\updater.exe |
"TCP Query User{D9629A73-9D29-4167-A1D1-30DB8278DEEB}D:\games\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\games\ut3\binaries\ut3.exe |
"TCP Query User{DC7A43FE-73DC-4B79-AE1D-AE7C15B85F81}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DF8C4C05-05C8-4EC9-BB6F-56C514C57034}D:\games\bf1942\bf1942.exe" = protocol=6 | dir=in | app=d:\games\bf1942\bf1942.exe |
"TCP Query User{E3286CE4-9C5F-4E91-874D-5EF5A0165844}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{E7419C23-6929-4AFE-AACC-BECC35DE85E2}D:\games\silverfall\silverfall.exe" = protocol=6 | dir=in | app=d:\games\silverfall\silverfall.exe |
"TCP Query User{EAB45189-EB91-425E-9A36-746411970A1C}D:\games\aoe2\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=d:\games\aoe2\age2_x1\age2_x1.icd |
"TCP Query User{EB4831A6-49F5-4993-8984-D8B63FF6DD81}C:\applicat\opera\opera.exe" = protocol=6 | dir=in | app=c:\applicat\opera\opera.exe |
"TCP Query User{EB9A09F6-C6BC-49EF-9246-A27C1C8C42E3}D:\games\ea games\eadm\core.exe" = protocol=6 | dir=in | app=d:\games\ea games\eadm\core.exe |
"UDP Query User{0FCBFAB9-429E-4219-8EBE-42AA31F67461}D:\games\heroes5\heroes of might and magic v\bina1\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes5\heroes of might and magic v\bina1\h5_game.exe |
"UDP Query User{1B23DA0D-A2B4-4D2D-99D7-B8C3CDBA5A8F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{1E746E62-2E15-464E-8E52-62D26C3C1D36}C:\users\goliath\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\goliath\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{1ECDB3D5-6504-4FF8-AAB0-0A9C30A26D89}C:\applicat\getright\getright.exe" = protocol=17 | dir=in | app=c:\applicat\getright\getright.exe |
"UDP Query User{50E38399-DD7B-4088-8BF9-4270E351B7BA}D:\games\bf1942\bf1942.exe" = protocol=17 | dir=in | app=d:\games\bf1942\bf1942.exe |
"UDP Query User{53899668-AE15-424F-B100-B7DB9098615A}C:\graphics\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\graphics\realplayer\realplay.exe |
"UDP Query User{5BF05721-58ED-4CAF-871D-9327FCF923A0}D:\games\silverfall\silverfall.exe" = protocol=17 | dir=in | app=d:\games\silverfall\silverfall.exe |
"UDP Query User{6BADEA31-2EC7-4EB2-B09B-3AE0180693BF}D:\games\portsofcall\pocxxl\pocxxl\bin\pocxxl.exe" = protocol=17 | dir=in | app=d:\games\portsofcall\pocxxl\pocxxl\bin\pocxxl.exe |
"UDP Query User{820E01E7-0054-49C8-976F-7BA94C081FF0}D:\games\starwarsbf2\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=d:\games\starwarsbf2\gamedata\battlefrontii.exe |
"UDP Query User{871F7EA3-8337-44BF-87B4-74D50B1E6AB5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{88051654-C0B0-4D97-8F89-B5A657924E31}C:\applicat\opera\opera.exe" = protocol=17 | dir=in | app=c:\applicat\opera\opera.exe |
"UDP Query User{8D97970A-A395-4017-B063-550C24E22E18}D:\games\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=d:\games\ravenshield\system\ravenshield.exe |
"UDP Query User{A05191A2-3340-40A0-B8AF-E9FE42EE939A}D:\games\heroes5\heroes of might and magic v\tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" =

Xd23bgt · 2011/05/05

Post 3 of 3
protocol=17 | dir=in | app=d:\games\heroes5\heroes of might and magic v\tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"UDP Query User{B0CD3D91-E599-444E-AAA9-A78699EC07E8}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{B6C94ADF-3016-4F3C-8D06-E0BDC0EF34C7}C:\applicat\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\applicat\firefox\firefox.exe |
"UDP Query User{C2E2042A-27D9-4286-8828-BF58927F8855}C:\applicat\yahoo\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\applicat\yahoo\yahoomessenger.exe |
"UDP Query User{C3DA2722-E2A9-4AC7-A216-4F4994214780}D:\games\warcraft3\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft3\war3.exe |
"UDP Query User{D387BDA8-8348-4192-B08A-447B3BD1C9D5}D:\games\heroes5\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\games\heroes5\heroes of might and magic v\bin\h5_game.exe |
"UDP Query User{D488FE6D-CF43-4FEF-8D21-2519BA985DE8}D:\games\silverfalldemo\silverfall.exe" = protocol=17 | dir=in | app=d:\games\silverfalldemo\silverfall.exe |
"UDP Query User{D84711B2-8954-45DD-A08F-5AFF2CD86689}D:\games\ea games\eadm\core.exe" = protocol=17 | dir=in | app=d:\games\ea games\eadm\core.exe |
"UDP Query User{DBDB4CD2-DD3B-4D80-B5B2-708D85B8C7B2}D:\games\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\games\ut3\binaries\ut3.exe |
"UDP Query User{DD38CBF3-DD92-4B4E-B93D-40136CCD5943}D:\games\re-volt\rev.exe" = protocol=17 | dir=in | app=d:\games\re-volt\rev.exe |
"UDP Query User{E8263F2A-61A7-4763-84BA-A82B191C8D03}D:\games\heroes3\heroes3.exe" = protocol=17 | dir=in | app=d:\games\heroes3\heroes3.exe |
"UDP Query User{E9CF2F57-B953-4E2A-8752-BB22694AA864}C:\applicat\seamonkey\seamonkey.exe" = protocol=17 | dir=in | app=c:\applicat\seamonkey\seamonkey.exe |
"UDP Query User{EADDBB09-B223-4289-B4FC-C740E45D7557}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{ED3EA777-126A-4410-8D5F-2F8BFA7ABA5B}C:\applicat\opera\opera.exe" = protocol=17 | dir=in | app=c:\applicat\opera\opera.exe |
"UDP Query User{EE2F0254-DAE3-4100-BEE1-6F4A7B81BD15}D:\games\aoe2\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=d:\games\aoe2\age2_x1\age2_x1.icd |
"UDP Query User{F1F2B458-0028-461D-8B20-8DF975AA4310}D:\games\aoe2\empires2.icd" = protocol=17 | dir=in | app=d:\games\aoe2\empires2.icd |
"UDP Query User{F36369BC-E245-42F3-87B0-7E2BAD790C26}D:\games\madden2005\updater.exe" = protocol=17 | dir=in | app=d:\games\madden2005\updater.exe |
"UDP Query User{FD362E89-4DB2-443A-8910-08C7C568D8AF}D:\games\bf1942\bf1942.exe" = protocol=17 | dir=in | app=d:\games\bf1942\bf1942.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_inmm" = _inmm.dll 2.35
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00DEB00E-B24F-4FB8-BC31-6853979FBCC8}" = The Great Escape
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{059689BF-89A3-4FE5-B459-6EAB2903124F}" = Hoyle Puzzle Games 2007
"{06217230-08B8-4953-88BF-176EAD76E70C}" = Turok Evolution
"{06EDD7A6-BA2C-452D-B148-F79B426AFA72}" = XMP Community Bonus Pack Final Release
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0C7880D0-B759-43A2-BFA9-64E208B9535B}" = Hearts of Iron
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White® 2 Battle of the Gods
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{119f7269-5981-4a23-b392-c35d2fc0a1ae}.sdb" = MyAppFixes
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{17D8DD6D-E1F9-F2CC-7CB4-6589129923CE}" = Catalyst Control Center Graphics Previews Vista
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{202B35E4-D56A-4DCE-AB17-89F5A5B38F2E}" = RSI IDL 6.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{26B5AD79-EE99-4E17-93A6-AF215E3A81E9}" = VC90_CRT_x86
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2ABC904F-6915-40AC-8CF8-B48743698CEC}" = 3132-W-R
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2D6F0BB0-2832-4C88-B82B-9CA543A81B6D}" = The Day After
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{31034EBB-00BB-4703-00AB-3EB127F9EEDB}" = Madden NFL 2005
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DCA6119-DBCF-4AB4-808C-C5214C50D2F6}" = Intel(R) Desktop Utilities
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3F0A33B3-8A07-4ED2-868A-BAAE69877D70}" = Civ3Conquestsv121Update
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{465DE3B1-1207-4BBA-828A-0F3ABED81603}" = Disney's Treasure Planet: Battle at Procyon
"{47836B39-2465-4F39-9D7E-52F70A1C3D72}" = Axis & Allies
"{47D511E4-CF3F-45D4-90A0-B02E086A889C}" = Aliens vs. Predator 2 Tools
"{49D4FCCF-45D6-11D4-8F73-0050DA0F6297}" = The Sims Livin' it up
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{50CE6FB8-23DF-42B1-98CE-AA17A0905C7A}" = Learning QuickBooks 2009
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{544DB849-AB59-4C12-A333-2F214E24870F}" = Commandos Strike Force
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Family Pack 5
"{55D1BF8E-EA8F-4969-82B9-B577010CFBCD}" = Microsoft Baseline Security Analyzer 2.1
"{56848C4D-4C6F-4783-B625-F5C4BC3AE4D2}" = WebPAM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{61879398-F35C-4628-AC95-2B84B859FE93}" = nrg2iso
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{63B263C2-1B61-11D4-8B6D-00C0F01F6881}" = B17 - The Mighty Eighth
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{664FF9A8-7E44-4E17-AD40-D10E15504C49}" = Tom Clancy's Rainbow Six 3: Athena Sword 1.10.016
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{671D7AB6-8118-4C41-B602-3001A5A949AA}" = ER Viewer 7.1
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C677A88-ACCE-41F6-ADFA-E48C30718CEB}" = Tiger Woods PGA TOUR 2002
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{781D316B-77BA-48C3-8310-42EAFB61ED31}" = Shattered Union
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Unleashed
"{7FC80C69-D3F0-4736-B3EA-981F2CB7B4CD}" = Unreal II Special Edition
"{7FF95D80-7FEA-11D3-BDE9-0050DA1AB3B9}" = UltraPlayer
"{81521545-BE95-4869-92FA-CC2E276C790E}" = Tom Clancy's Rainbow Six 3: Iron Wrath 1.00.000
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate(TM) II - Shadows of Amn(TM)
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
"{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}" = Enter The Matrix
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A483F88A-41E9-45B2-AAC9-A823DD9B4873}" = PC DUAL SHOCK
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.0
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{C982FAE0-9E75-0BB0-933D-69046512C216}" = ATI AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall
"{D17A4122-8888-4E87-8591-C8B8B463DC58}" = LocoTrains Eurostar & GNER White Rose
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb" = X-Wing & TIE Fighter 95 Compatibility Fix
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E4E3E62E-16D7-425E-009C-DCB5E64F5955}" = FIFA 2005
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World
"{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility
"{EA2BD6CF-2EB7-4BE4-9CAC-471F351BF24D}" = Hoyle Board Games 2007
"{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ECB4D56B-E365-4922-AC0F-70CF770443A3}" = EAWMapEditor
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
"{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{EF57B24A-76A3-43CE-814F-DBB7A55548D9}" = Jane's Attack Squadron
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA11D411-AD5B-4223-89C0-E9D65E1C1F1C}" = BEST v4.0.5
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.52 beta
"Activision_CivCTPUninstallKey" = Civilization: Call To Power
"Activision_CTP2UninstallKey" = Call To Power 2
"Activision_HG2UninstallKey" = Heavy Gear 2
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ALchemy" = Creative ALchemy
"Ancient China Map" = Ancient China Map
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Control Panel
"beam-4" = beam-4
"Blade Runner" = Blade Runner
"Boiler House Map" = Boiler House Map
"BRS HQ Update v2" = BRS HQ Update v2
"BRS v4.1" = BRS v4.1
"BRS v4.4" = BRS v4.4
"BRS v4.5 update patch." = BRS v4.5 update patch.
"BRSet v4" = BRSet v4
"BRSet v4 bugfix" = BRSet v4 bugfix
"BSPlayer1" = BSPlayer
"burnatonce_is1" = burnatonce
"C.O.R.E." = C.O.R.E.
"Caesar 3" = Caesar 3
"Call of Duty - United Offensive Map and Mod Tools" = Call of Duty - United Offensive Map and Mod Tools
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"Carnivores Ice Age" = Carnivores Ice Age
"CCleaner" = CCleaner (remove only)
"ChrisTrains for Locomotion V1.2.0" = ChrisTrains for Locomotion V1.2.0
"CoffeeCup Free FTP 4.3.2" = CoffeeCup Free FTP
"Console Launcher" = Creative Console Launcher
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.11.02.00)
"Creative VF0420" = Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00)
"Creative Volume Panel" = Volume Panel
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dark Reign 2" = Dark Reign 2
"DDump + Frontend" = DDump 1.10 + Frontend 1.4.1 (remove only)
"DesertCombat_Public_Alpha__0.2" = DesertCombat 0.6F
"EADM" = EA Download Manager
"EditPad Lite" = JGsoft EditPad Lite 6.3.0
"ER Mapper Image Compressor 7.2" = ER Mapper Image Compressor 7.2
"Fighting Steel" = Fighting Steel
"GetRight_is1" = GetRight
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.10.13 rev a (remove only)
"Hardwar" = Hardwar
"Hardwood Spades" = Hardwood Spades
"HECI" = Intel(R) Management Engine Interface
"Heroes of Annihilated Empires_is1" = Heroes of Annihilated Empires
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HighSpeedPack Reloaded V1.0.0" = HighSpeedPack Reloaded V1.0.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HQ update 1 of the BRS" = HQ update 1 of the BRS
"IE7Pro" = IE7Pro
"IE7ProSpellCheckDictionary_is1" = Spelling Check Dictionary From OpenOffice.org
"Indeo® Software" = Indeo® Software
"Indoor Swmimming Bath" = Indoor Swmimming Bath
"InstallShield_{06217230-08B8-4953-88BF-176EAD76E70C}" = Turok Evolution
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{202B35E4-D56A-4DCE-AB17-89F5A5B38F2E}" = RSI IDL 6.1
"InstallShield_{2D6F0BB0-2832-4C88-B82B-9CA543A81B6D}" = The Day After
"InstallShield_{3DCA6119-DBCF-4AB4-808C-C5214C50D2F6}" = Intel(R) Desktop Utilities
"InstallShield_{56848C4D-4C6F-4783-B625-F5C4BC3AE4D2}" = WebPAM
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"InstallShield_{97573806-3C00-4CE0-9D31-3925DD845DCE}" = Freedom Force® vs The 3rd Reich
"InstallShield_{9E9BDBA6-8EA4-4850-8DC9-0AAD8D18CBDC}" = The Day After patch 1.2
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"International Super Patch 1.0 - Fifa 2005" = International Super Patch 1.0 - Fifa 2005
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.77 Standard
"Learning QuickBooks 2009" = Learning QuickBooks 2009
"Loco Mania Demo" = Loco Mania Demo 1.0
"LocoTrains Eurostar & GNER White Rose" = LocoTrains Eurostar & GNER White Rose
"LocoTrains Vossloh G2000 for Locomotion" = LocoTrains Vossloh G2000 for Locomotion
"LucasArts' TIE Fighter" = LucasArts' TIE Fighter
"LucasArts' XvT: Flight School" = LucasArts' XvT: Flight School
"LucasArts' X-Wing" = LucasArts' X-Wing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Master of Orion 3" = Master of Orion 3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Monopoly Star Wars" = Monopoly Star Wars
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"msaudio" = Windows Media Audio ACM CODEC v8.0
"Need For Speed II SE" = Need For Speed II SE
"Network Play System (Patching)" = Network Play System (Patching)
"NG Track with Diagonals" = NG Track with Diagonals
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"Panzer General 2" = Panzer General 2
"Panzer General 3D" = Panzer General 3D
"Parkan 2_is1" = Parkan 2
"PGIII Scorched Earth" = PGIII Scorched Earth
"PHARAOHEDITOR_is1" = MAX's HTML Beauty++ 2004
"Pidgin" = Pidgin
"PolyView" = PolyView 4.41
"PolyView Canon CRW Support" = PolyView Canon CRW Support
"PolyView MrSID Support" = PolyView MrSID Support
"Ports Of Call - classic - Windows" = Ports Of Call - classic - Windows
"Ports Of Call XXL" = Ports Of Call XXL
"ProjectZoo" = Project Zoo (remove only)
"PROSetDX" = Intel(R) Network Connections 15.3.68.0
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer
"RETMetro.nl for Locomotion Pack V1.0.0" = RETMetro.nl for Locomotion Pack V1.0.0
"Re-Volt" = Re-Volt
"Revolution" = Revolution
"Revolution Patch 1.1" = Revolution Patch 1.1
"RvC v3.0 Map Pack" = RvC v3.0 Map Pack
"Sacred Underworld_is1" = Sacred Underworld
"SeaMonkey (2.0.1)" = SeaMonkey (2.0.1)
"SFBM" = SoundFont Bank Manager
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Sid Meier's Railroads! Scenario: Holiday Scenario" = Sid Meier's Railroads! Scenario: Holiday Scenario 1.0
"SimCity 3000" = SimCity 3000
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Smart Recorder" = Creative Smart Recorder
"SMBus" = Intel(R) SMBus
"Space Shuttle" = Space Shuttle
"SpellForce" = SpellForce
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST5UNST #1" = RVOrganise
"ST6UNST #1" = Car Manager 1.0
"ST6UNST #2" = Wrapper for Locotool
"Starcraft" = Starcraft
"Starfleet Command II" = Starfleet Command II
"Starfleet Command II Patcher" = Starfleet Command II Patcher
"Steam App 10500" = Empire: Total War
"Steam App 10603" = Empire: Total War - USS Constitution Unit
"Steam App 34350" = Total War: SHOGUN 2 Demo
"TagScanner_is1" = TagScanner 5.0 build 515b
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Test Of Time" = Civ II : Test Of Time
"Test of Time Patch" = Test of Time Patch
"TGZ TDM Map Pack 1" = TGZ TDM Map Pack 1
"The Time Threat Mystery" = The Time Threat Mystery
"Tortuga - Two Treasures_is1" = Tortuga - Two Treasures
"UT2004" = Unreal Tournament 2004
"UT3 CBP3 Vol 1" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 1
"UT3 CBP3 Vol 2" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 2
"UT3 CBP3 Vol 3" = Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3
"Vliv" = Vliv 2.3.5
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinZip" = WinZip
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XAce Plus v2.6" = XAce Plus v2.6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-770899019-1359692399-3537158434-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Defender of the Crown" = Defender of the Crown
"Facebook Plug-In" = Facebook Plug-In
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Third Age - Total War 1.0 Part1" = Third Age - Total War 1.0 Part1
"Third Age - Total War 1.0 Part2" = Third Age - Total War 1.0 Part2
"Third Age - Total War Hotfix1" = Third Age - Total War Hotfix1
"Third Age - Total War Patch 1.1" = Third Age - Total War Patch 1.1
"Third Age - Total War Patch 1.2" = Third Age - Total War Patch 1.2
"Third Age - Total War Patch 1.3" = Third Age - Total War Patch 1.3
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2009 1:57:11 AM | Computer Name = SPORKO4 | Source = EventSystem | ID = 4621
Description =

Error - 12/19/2009 4:52:55 PM | Computer Name = SPORKO4 | Source = Windows Search Service | ID = 3013
Description =

Error - 12/22/2009 2:34:23 AM | Computer Name = SPORKO4 | Source = EventSystem | ID = 4621
Description =

Error - 12/23/2009 2:32:30 PM | Computer Name = SPORKO4 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/23/2009 11:29:24 PM | Computer Name = SPORKO4 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/24/2009 3:26:31 AM | Computer Name = SPORKO4 | Source = EventSystem | ID = 4621
Description =

Error - 12/24/2009 4:41:10 PM | Computer Name = SPORKO4 | Source = EventSystem | ID = 4621
Description =

Error - 12/24/2009 9:39:58 PM | Computer Name = SPORKO4 | Source = VSS | ID = 8194
Description =

Error - 12/25/2009 4:02:20 PM | Computer Name = SPORKO4 | Source = Windows Search Service | ID = 3013
Description =

Error - 12/26/2009 11:18:25 PM | Computer Name = SPORKO4 | Source = Application Error | ID = 1000
Description = Faulting application Oblivion.exe, version 1.2.0.416, time stamp 0x215a5750,
faulting module Oblivion.exe, version 1.2.0.416, time stamp 0x215a5750, exception
code 0xc0000005, fault offset 0x0033a5e8, process id 0xf2c, application start time
0x01ca869ad3a6f419.

[ System Events ]
Error - 5/5/2011 1:26:00 AM | Computer Name = SPORKO4 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:43:12 AM on 5/5/2011 was unexpected.

Error - 5/5/2011 1:26:42 AM | Computer Name = SPORKO4 | Source = Service Control Manager | ID = 7026
Description =

Error - 5/5/2011 9:39:08 AM | Computer Name = SPORKO4 | Source = Service Control Manager | ID = 7026
Description =

Error - 5/5/2011 12:24:33 PM | Computer Name = SPORKO4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.55 for the Network Card with network
address 0019D1EB01D8 has been denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).

Error - 5/5/2011 12:35:50 PM | Computer Name = SPORKO4 | Source = bowser | ID = 8003
Description =

Error - 5/5/2011 12:55:29 PM | Computer Name = SPORKO4 | Source = bowser | ID = 8003
Description =

Error - 5/5/2011 2:47:52 PM | Computer Name = SPORKO4 | Source = bowser | ID = 8003
Description =

Error - 5/5/2011 2:52:32 PM | Computer Name = SPORKO4 | Source = bowser | ID = 8003
Description =

Error - 5/5/2011 6:22:53 PM | Computer Name = SPORKO4 | Source = netbt | ID = 4321
Description = The name "SPORKO4 :0" could not be registered on the interface
with IP address 192.168.1.67. The computer with the IP address 192.168.1.77 did
not allow the name to be claimed by this computer.

Error - 5/5/2011 6:22:53 PM | Computer Name = SPORKO4 | Source = netbt | ID = 4321
Description = The name "SPORKO4 :0" could not be registered on the interface
with IP address 192.168.1.67. The computer with the IP address 192.168.1.77 did
not allow the name to be claimed by this computer.

< End of report >

Does the fact that neither ComboFix nor dds will run mean something's blocking them? Or is it just my system config?

broni · 2011/05/05

Does the fact that neither ComboFix nor dds will run mean something's blocking them? Or is it just my system config?
Click to expand...

Possibly the latter, but we'll keep checking...

=====================================================

Drive C: | 117.19 Gb Total Space | 4.63 Gb Free Space | 3.95% Space Free
Click to expand...

You're running very low on C drive free space.
You have to start moving some stuff out.

====================================================

You're running two AV programs, WebrootSecurity and Norton.
One of them has to go.
If Norton, make sure to use Norton Removal Tool to uninstall it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

====================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====================================================

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (AWService)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\Shell - " " = AutoRun
O33 - MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -a
O33 - MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\Shell - " " = AutoRun
O33 - MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\Shell\AutoRun\command - " " = G:\LaunchU3.exe
O33 - MountPoints2\G\Shell - " " = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - " " = G:\LaunchU3.exe
O37 - HKU\S-1-5-21-770899019-1359692399-3537158434-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

Xd23bgt · 2011/05/06

New OTL log:

All processes killed
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
Service AWService stopped successfully!
Service AWService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2c5621f-9a51-11de-9576-0019d1eb01d8}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e60156d7-73d7-11dc-bc11-0019d1eb01d8}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_USERS\S-1-5-21-770899019-1359692399-3537158434-1000_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-770899019-1359692399-3537158434-1000_Classes\comfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\ProgramData\xmlAD05.tmp deleted successfully.
C:\ProgramData\xmlB1F8.tmp deleted successfully.
C:\ProgramData\xmlB360.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GOLIATH
->Temp folder emptied: 4649780 bytes
->Temporary Internet Files folder emptied: 7726125 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 42644242 bytes
->Flash cache emptied: 790 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10632020 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

[EMPTYFLASH]

User: Default

User: GOLIATH
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_122527

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\activation.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\j2ee.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\jdom.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\junit.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\mail.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\unittest.jar scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Jetty__8443__promise\webapp\WEB-INF\lib\xerces.jar scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_SYSTEM\2328 not found!

Registry entries deleted on Reboot...

As for the other things, Java has been upgraded from version 24 to version 25. The crowded hard drives were already in the process of being resolved. F: is a 2nd physical hard disk and is just a copy of D: at present, so as soon as I uninstall some more things from D:, I'm going to rename F: to D: and then repartition C: to take up the entire 1st disk (at present it consists of C: and D. As soon as my computer is clean, problem will be resolved. SpySweeper has 2 versions, an Antispyware only version and an Antispyware plus Antivirus version. I'm running the Antispyware only version, and have been for more than 5 years. No conflicts with Norton Antivirus have occurred.

broni · 2011/05/06

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
Click to expand...

......

Xd23bgt · 2011/05/06

Oops. Sorry I missed the last line of your post. Here's the OTL quick scan log:

Part 1 of 2

OTL logfile created on: 5/6/2011 8:23:53 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GOLIATH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.19 Gb Total Space | 6.48 Gb Free Space | 5.53% Space Free | Partition Type: NTFS
Drive D: | 255.36 Gb Total Space | 14.91 Gb Free Space | 5.84% Space Free | Partition Type: NTFS
Drive F: | 372.61 Gb Total Space | 139.32 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: SPORKO4 | User Name: GOLIATH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
PRC - [2011/05/04 10:01:34 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2011/04/20 09:33:48 | 006,515,800 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2011/03/22 10:14:10 | 000,165,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2011/01/26 18:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/26 18:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccsvchst.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/22 18:18:54 | 001,649,152 | ---- | M] (Intel(R) Corporation) -- C:\HARDWARE\INTEL\IDU\iptray.exe
PRC - [2009/01/22 18:18:52 | 000,124,928 | ---- | M] (Intel(R) Corporation) -- C:\HARDWARE\INTEL\IDU\iduServ.exe
PRC - [2008/10/01 21:43:08 | 000,708,608 | ---- | M] (Shaun Ivory) -- C:\GRAPHICS\PANORAMA\Panorama.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\Creative\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/02/20 15:58:44 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2008/01/19 03:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008/01/13 19:27:34 | 000,081,952 | ---- | M] () -- C:\APPLICAT\DrvGleam\DriveGLEAM105.exe
PRC - [2007/03/12 07:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 07:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/14 18:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\HARDWARE\PROMISE\WebPAM\_jvm\bin\java.exe
PRC - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () -- C:\HARDWARE\SYBA\3132-W-R\SATARaid5ConfigService.exe
PRC - [2003/09/29 08:30:08 | 000,110,592 | ---- | M] () -- C:\HARDWARE\PROMISE\WebPAM\jetty\extra\win32\Wrapper.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\HARDWARE\Creative\DVDAudio\CTDVDDET.exe
PRC - [1998/10/02 00:13:04 | 000,069,632 | ---- | M] (Spicey Programs) -- C:\UTILITY\sc.exe
PRC - [1996/05/17 08:20:58 | 000,198,656 | ---- | M] () -- C:\APPLICAT\TRAYICON\TRAYICON.EXE

========== Modules (SafeList) ==========

MOD - [2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
MOD - [2011/04/19 01:49:30 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcr90.dll
MOD - [2011/04/19 01:49:30 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\msvcp90.dll
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\asoehook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (PromiseWebPAM)
SRV - [2011/05/04 10:01:34 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2011/02/28 19:49:20 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/26 18:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/10/07 11:23:18 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\APPLICAT\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/09/14 15:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/05/07 22:34:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/22 18:18:52 | 000,124,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\HARDWARE\INTEL\IDU\iduServ.exe -- (IduService) Intel(R)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\DIAGS\Sandra\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/15 22:48:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/10/05 18:19:00 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\HARDWARE\SYBA\3132-W-R\SATARaid5ConfigService.exe -- (SATARaid5 Config Service)

========== Driver Services (SafeList) ==========

DRV - [2011/04/15 16:29:05 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/31 09:35:05 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110506.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/03/31 09:35:05 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110506.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110506.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/01/26 19:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/01/26 19:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/26 18:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/17 08:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010/09/06 19:41:52 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/06 19:21:51 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 05:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/26 02:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2010/03/24 01:47:26 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/14 18:46:05 | 000,015,352 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osaio.sys -- (osaio)
DRV - [2010/01/20 23:47:54 | 000,836,384 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/29 20:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/07/25 16:25:22 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/07/03 10:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/22 18:18:44 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/01/15 10:15:26 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) USBCCGP filter driver (dc3d)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\DIAGS\Sandra\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/10/29 22:56:04 | 000,217,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV - [2008/10/29 22:56:04 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/10/29 22:56:04 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/02/25 04:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 04:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 04:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 04:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2008/02/25 04:41:06 | 000,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2008/02/25 04:41:02 | 000,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2008/02/25 04:40:56 | 000,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2008/02/25 04:40:52 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/12 16:20:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/01/12 16:20:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/07/18 05:32:14 | 000,154,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2007/05/31 10:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2007/03/12 03:59:00 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WMP54GSx86.sys -- (BCM43XX)
DRV - [2007/02/15 20:42:34 | 000,155,032 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\fttxr52p.sys -- (fttxr52P)
DRV - [2006/12/28 06:57:00 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2006/11/07 17:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2003/11/03 11:39:10 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel (R)
DRV - [1999/09/10 07:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm "
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm "
FF - prefs.js..browser.search.param.yahoo-type: "${8} "
FF - prefs.js..extensions.enabledItems: cards@clav.mozdev.org:0.98
FF - prefs.js..extensions.enabledItems: ErrorZillaMod@jaybaldwin:0.41
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: goup@clav.mozdev.org:1.0
FF - prefs.js..extensions.enabledItems: hashcolouredtabs@bristol.ac.uk:0.4.23
FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.4.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: {2485990f-d3b0-4e57-bd0f-5abdffa70773}:1.4.8
FF - prefs.js..extensions.enabledItems: {31822e53-540b-415c-94cd-d8ff2b143a8e}:0.3.4
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {3474c305-9dad-11d8-9207-00055d74c2e4}:0.4.2
FF - prefs.js..extensions.enabledItems: {349ce370-12e8-11d9-9669-0800200c9a66}:0.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {3acc3b91-1e3c-4d0d-aefe-f82dead71816}:1.2.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {5A32C460-12D9-11D9-9669-0800200C9A66}:0.2.4
FF - prefs.js..extensions.enabledItems: {5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}:1.6.4
FF - prefs.js..extensions.enabledItems: {5ed572bf-9878-43b3-be69-feb67cb4080e}:0.9.5.0
FF - prefs.js..extensions.enabledItems: {61D0D7AF-4FF6-476a-B68F-6531F613A6D8}:0.2.2
FF - prefs.js..extensions.enabledItems: {61FD08D8-A2CB-46c0-B36D-3F531AC53C12}:2.0.2011040501
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: {68E5DD30-A659-4987-99F9-EAF21F9D4140}:3.0t3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:1.0.0
FF - prefs.js..extensions.enabledItems: {8B41860E-5D30-4e96-BB09-CE22F491A481}:0.6.8.4
FF - prefs.js..extensions.enabledItems: {8e117890-a33f-424b-a2ea-deb272731365}:0.2.0.20060116
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {909409b9-2e3b-4682-a5d1-71ca80a76456}:0.2.1.031
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {99ec6690-8bb1-11da-a72b-0800200c9a66}:0.3
FF - prefs.js..extensions.enabledItems: {9b84cce7-a817-45d7-865e-9e6e8da1c388}:1.0.6
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.21
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: {af5b81c7-2587-4206-8b57-41e384facaba}:1.9
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2011050202
FF - prefs.js..extensions.enabledItems: {cd2b821e-19f9-40a7-ac5c-08d6c197fc43}:0.8.6
FF - prefs.js..extensions.enabledItems: {CE49E315-575E-44df-8E4B-A8CD28A48B9D}:0.4.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {d176c86a-1eac-2cce-1757-bc0dbc6c526c}:0.993
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.7.82
FF - prefs.js..extensions.enabledItems: {D580BE35-9342-4622-A635-08F640066C97}:1.4.2
FF - prefs.js..extensions.enabledItems: {e22068c8-faf8-4620-b0d6-e2811a82e84b}:3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {e3a1bec3-1cc1-4d20-875b-a10587471a5e}:0.8.2
FF - prefs.js..extensions.enabledItems: {ea702e71-fcda-4c39-93bb-fea2b543b58c}:0.7.0.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {f65bf62a-5ffc-4317-9612-38907a779583}:1.3.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}:0.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: apollo@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: icandyjr@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: neptune@www.spuler.us:3.5
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - prefs.js..extensions.enabledItems: {26bf010a-c934-4f38-868d-e8419d9e82ff}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}:1.8.72
FF - prefs.js..extensions.enabledItems: {86b1f2a0-1790-11db-ac5d-0800200c9a66}:2.4.4
FF - prefs.js..extensions.enabledItems: {88060a48-addf-4060-87db-c9aec3e5615a}:1.5.915
FF - prefs.js..extensions.enabledItems: {9dd2ef0a-f6f2-4f54-ad61-611181226d56}:2.0.0.6
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {ded0fc70-7215-4802-afeb-b2982d3e7225}:3.6
FF - prefs.js..extensions.enabledItems: {E800A8D5-6B36-4854-9F21-443F8CBFF835}:2.0.3
FF - prefs.js..extensions.enabledItems: {FD40BF8D-5859-4f95-866A-F59FF99ECF59}:2.6
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/12 16:28:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/09/06 19:57:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/09/06 19:31:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\APPLICAT\Firefox\components [2011/05/04 10:27:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\APPLICAT\Firefox\plugins [2011/05/06 12:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Components: C:\APPLICAT\SeaMonkey\components [2011/04/29 11:01:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.14\extensions\\Plugins: C:\APPLICAT\SeaMonkey\plugins [2011/04/29 11:01:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender2008\tbextension

[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Extensions
[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2007/08/12 05:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\1o01ngee.default\extensions
[2011/05/04 10:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions
[2009/07/25 15:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/09/14 20:07:00 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010/02/14 00:34:26 | 000,000,000 | ---D | M] (Aeon Colors) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}
[2010/07/17 13:22:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/15 21:46:40 | 000,000,000 | ---D | M] (mozImage) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{2485990f-d3b0-4e57-bd0f-5abdffa70773}
[2007/10/20 09:11:04 | 000,000,000 | ---D | M] ( "Doodle Plastik ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{26bf010a-c934-4f38-868d-e8419d9e82ff}
[2007/08/14 13:22:18 | 000,000,000 | ---D | M] (Popup Count) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{31822e53-540b-415c-94cd-d8ff2b143a8e}
[2007/08/14 12:29:03 | 000,000,000 | ---D | M] ( "Adblock ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2007/08/14 12:30:54 | 000,000,000 | ---D | M] (Bookmark Backup) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}
[2007/08/14 13:21:24 | 000,000,000 | ---D | M] ( "Print It! ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{349ce370-12e8-11d9-9669-0800200c9a66}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2007/08/14 12:39:17 | 000,000,000 | ---D | M] ( "Extended Link Properties ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3acc3b91-1e3c-4d0d-aefe-f82dead71816}
[2010/11/04 19:52:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/14 00:40:19 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2007/08/14 12:48:48 | 000,000,000 | ---D | M] ( "Gcache ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5A32C460-12D9-11D9-9669-0800200C9A66}
[2009/07/25 15:32:09 | 000,000,000 | ---D | M] (Fetch Text URL) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "View formatted source ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{5ed572bf-9878-43b3-be69-feb67cb4080e}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "Stop-or-Reload Button ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{61D0D7AF-4FF6-476a-B68F-6531F613A6D8}
[2011/05/04 10:21:50 | 000,000,000 | ---D | M] ( "Popup ALT Attribute ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2008/09/15 22:07:21 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2010/11/04 19:52:25 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2011/05/04 10:21:49 | 000,000,000 | ---D | M] (LastTab) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}
[2011/05/04 10:24:42 | 000,000,000 | ---D | M] ( "Nautipolis for Firefox ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
[2011/05/04 10:24:50 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/25 15:21:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/05/04 10:21:46 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( ""glowyblue" ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{86b1f2a0-1790-11db-ac5d-0800200c9a66}
[2007/10/20 09:11:09 | 000,000,000 | ---D | M] ( "Phoenity ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{88060a48-addf-4060-87db-c9aec3e5615a}
[2007/10/20 09:11:03 | 000,000,000 | ---D | M] ( "Bookmarks LinkChecker ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8B41860E-5D30-4e96-BB09-CE22F491A481}
[2007/08/14 13:07:48 | 000,000,000 | ---D | M] ( "Mozilla Calendar ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8e117890-a33f-424b-a2ea-deb272731365}
[2010/07/17 13:23:00 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2007/08/14 13:25:44 | 000,000,000 | ---D | M] ( "SessionSaver .2 ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2010/02/14 00:40:35 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/02/14 00:40:38 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2007/10/20 09:11:11 | 000,000,000 | ---D | M] ( "Unread Tabs ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{99ec6690-8bb1-11da-a72b-0800200c9a66}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] (Neo Diggler) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9b84cce7-a817-45d7-865e-9e6e8da1c388}
[2007/10/20 09:11:04 | 000,000,000 | ---D | M] ( "Doodle Classic ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9dd2ef0a-f6f2-4f54-ad61-611181226d56}
[2010/04/03 21:09:31 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/05/04 10:21:31 | 000,000,000 | ---D | M] (Calculator) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] ( "OpenBook ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2010/02/14 00:40:39 | 000,000,000 | ---D | M] (Bork Bork Bork!) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{af5b81c7-2587-4206-8b57-41e384facaba}
[2011/05/04 10:24:51 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( "FLST ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{cd2b821e-19f9-40a7-ac5c-08d6c197fc43}
[2007/08/14 13:24:32 | 000,000,000 | ---D | M] ( "Show Image ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{CE49E315-575E-44df-8E4B-A8CD28A48B9D}
[2011/05/04 10:21:30 | 000,000,000 | ---D | M] ( "CoolPreviews ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2008/09/15 21:40:08 | 000,000,000 | ---D | M] (XE.com Universal Currency Converter ®) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{d176c86a-1eac-2cce-1757-bc0dbc6c526c}
[2011/05/04 10:21:28 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] ( "MAB ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{D580BE35-9342-4622-A635-08F640066C97}
[2010/02/14 00:33:47 | 000,000,000 | ---D | M] (Aeon) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}
[2008/09/15 21:40:07 | 000,000,000 | ---D | M] (NeedleSearch) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{e22068c8-faf8-4620-b0d6-e2811a82e84b}
[2009/09/14 19:24:01 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2007/10/20 09:11:09 | 000,000,000 | ---D | M] ( "Preferential ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
[2007/08/14 03:37:18 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2007/08/14 13:24:58 | 000,000,000 | ---D | M] (Sort Bookmarks) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{ea702e71-fcda-4c39-93bb-fea2b543b58c}
[2011/05/04 10:21:14 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011/05/04 10:24:51 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/02/14 00:41:16 | 000,000,000 | ---D | M] ( "infoRSS ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
[2011/05/04 10:21:08 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2008/11/09 14:58:55 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008/03/28 15:28:23 | 000,000,000 | ---D | M] (FormalGnome) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FD40BF8D-5859-4f95-866A-F59FF99ECF59}
[2007/08/14 13:27:58 | 000,000,000 | ---D | M] ( "Wayback ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FDC1470B-8F74-4660-A7A0-2E367DA9CA6C}
[2010/02/14 00:34:06 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2009/07/25 15:54:40 | 000,000,000 | ---D | M] (Apollo) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us
[2007/10/20 09:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\cards@clav.mozdev.org
[2011/05/04 10:22:14 | 000,000,000 | ---D | M] (ErrorZilla Mod) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\ErrorZillaMod@jaybaldwin
[2011/05/04 10:22:09 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\firebug@software.joehewitt.com
[2007/10/20 09:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\goup@clav.mozdev.org
[2010/04/03 21:09:10 | 000,000,000 | ---D | M] (HashColouredTabs+) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\hashcolouredtabs@bristol.ac.uk
[2009/07/25 15:11:24 | 000,000,000 | ---D | M] (iCandy Junior) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us
[2010/02/14 00:40:18 | 000,000,000 | ---D | M] (Launchy) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\launchy@gemal.dk
[2009/07/25 15:11:51 | 000,000,000 | ---D | M] (Neptune) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us
[2010/04/03 21:09:37 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\noia2_option@kk.noia
[2009/02/11 21:54:52 | 000,000,000 | ---D | M] ( "Broadband Speed Test and Diagnostics ") -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\speedtest@gotomyhelp.com
[2009/07/25 15:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\apollo@www.spuler.us\chrome\mozapps\extensions
[2009/07/25 15:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\icandyjr@www.spuler.us\chrome\mozapps\extensions
[2009/07/25 15:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\browser\extensions
[2009/07/25 15:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\browser\extensions\icons
[2009/07/25 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Firefox\Profiles\que7xrx0.default\extensions\neptune@www.spuler.us\chrome\mozapps\extensions
[2011/05/06 10:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions
[2010/07/01 22:37:38 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2010/01/09 13:21:22 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010/01/09 13:26:52 | 000,000,000 | ---D | M] (Preferential) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{e3a1bec3-1cc1-4d20-875b-a10587471a5e}
[2011/04/16 18:34:14 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/01/09 13:22:35 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011/05/04 10:18:59 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\Profiles\default\yxq44fay.slt\extensions\coralietab@mozdev.org
[2010/01/09 13:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GOLIATH\AppData\Roaming\Mozilla\SeaMonkey\Profiles\m9fdspen.default\extensions
[2010/10/07 10:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/27 15:42:04 | 000,000,000 | ---D | M] (Java Console) -- C:\APPLICAT\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/04/12 16:28:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2010/09/06 19:31:44 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN
[2010/09/06 19:57:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN

Hosts file not found
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\APPLICAT\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\DIAGS\NortonInternetSecurity\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\HARDWARE\Creative\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTXFIREG] C:\Windows\System32\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ipTray.exe] C:\HARDWARE\INTEL\IDU\ipTray.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\HARDWARE\Creative\SoundBlasterX-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

Xd23bgt · 2011/05/06

Part 2 of 2

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DriveGLEAM] C:\APPLICAT\DrvGleam\DriveGLEAM105.exe ()
O8 - Extra context menu item: Download with GetRight - C:\APPLICAT\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\APPLICAT\GetRight\GRBrowse.htm ()
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\APPLICAT\IE7Pro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\APPLICAT\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\APPLICAT\MSOffice\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\APPLICAT\MSOffice\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\APPLICAT\SpybotSD\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1303237921162 (MUCatalogWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\APPLICAT\QuickBooks2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\GOLIATH\Documents\Melissa\cf8768ea-be8d-4132-b14a-67b9c2e9cda7.jpg
O24 - Desktop BackupWallPaper: C:\Users\GOLIATH\Documents\Melissa\cf8768ea-be8d-4132-b14a-67b9c2e9cda7.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 20:23:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
[2011/05/06 12:25:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/06 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/05 00:41:07 | 000,000,000 | --SD | C] -- C:\jacksprat
[2011/05/05 00:40:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/05 00:12:37 | 000,000,000 | --SD | C] -- C:\maxsmyth
[2011/05/04 22:31:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/04 22:31:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/04 22:31:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/04 22:31:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/04 22:29:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/04 13:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programming
[2011/05/03 22:50:08 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Roaming\Malwarebytes
[2011/05/03 22:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/03 22:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/03 22:49:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/28 22:34:34 | 000,000,000 | -HSD | C] -- C:\Users\GOLIATH\Documents\%APPDATA%
[2011/04/28 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Local\CutePDF Writer
[2011/04/28 22:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/04/28 22:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/04/20 14:28:47 | 000,000,000 | ---D | C] -- C:\TMP2
[2011/04/20 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software
[2011/04/20 12:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup Software
[2011/04/18 23:36:43 | 001,563,024 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\Users\GOLIATH\AppData\Roaming\Webroot
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/04/18 23:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/06/04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/05/06 18:28:39 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 18:28:39 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/06 12:36:47 | 000,607,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/06 12:36:47 | 000,106,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/06 12:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/06 12:28:24 | 3487,301,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/06 12:26:53 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/06 12:26:53 | 000,054,928 | ---- | M] () -- C:\Windows\System32\BMXState-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/06 12:26:53 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000007-00000000-00000001-00001102-00000005-00211102}.rfx
[2011/05/05 21:15:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GOLIATH\Desktop\OTL.exe
[2011/05/05 11:00:04 | 000,001,684 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job
[2011/05/04 10:00:39 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/05/03 22:40:12 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - GOLIATH - Full System Scan.job
[2011/04/20 14:00:31 | 000,157,696 | ---- | M] () -- C:\Users\GOLIATH\AppData\Roaming\SharedSettings.ccs
[2011/04/20 09:34:48 | 001,563,024 | ---- | M] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2011/04/19 02:05:00 | 000,423,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/18 23:46:31 | 000,317,191 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.bak

========== Files Created - No Company Name ==========

[2011/05/05 00:32:15 | 3487,301,632 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/04 22:31:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/04 22:31:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/04 22:31:14 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/04 22:31:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/04 22:31:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/28 22:31:56 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/04/18 23:46:25 | 000,001,684 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2011/01/04 17:40:08 | 000,001,940 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/20 22:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/17 12:00:44 | 000,227,587 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/30 14:56:29 | 000,000,089 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/07/11 20:27:17 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/05/13 21:26:44 | 000,157,696 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\SharedSettings.ccs
[2010/05/13 21:23:56 | 000,000,192 | ---- | C] () -- C:\Windows\System32\xpysys.dll
[2010/01/09 14:29:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/09 14:29:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/11 15:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/11/29 19:19:28 | 000,000,025 | ---- | C] () -- C:\Windows\OUTSTACKER.INI
[2009/08/19 18:34:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/25 22:11:39 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/06/04 00:36:30 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009/06/04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/04/11 15:12:42 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/02/17 22:09:04 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/02/17 20:08:38 | 008,507,392 | ---- | C] () -- C:\ProgramData\sandra.mda
[2008/12/28 21:24:49 | 000,516,505 | ---- | C] () -- C:\Windows\C.O.R.E. Uninstaller.exe
[2008/10/10 23:20:44 | 000,000,107 | ---- | C] () -- C:\Windows\System32\apsett.ini
[2008/09/30 20:38:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/16 19:41:56 | 001,746,360 | ---- | C] () -- C:\Windows\System32\CTAA1.DAT
[2008/07/14 19:30:55 | 000,022,328 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PnkBstrK.sys
[2008/07/14 19:30:39 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008/07/11 15:40:54 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/07/11 15:40:54 | 000,056,509 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2008/04/10 09:07:33 | 000,691,545 | ---- | C] () -- C:\Windows\unins000.exe
[2008/04/10 09:07:33 | 000,002,541 | ---- | C] () -- C:\Windows\unins000.dat
[2008/02/20 16:00:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2008/02/20 15:58:46 | 000,037,888 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE
[2008/02/20 15:46:20 | 000,149,838 | ---- | C] () -- C:\Windows\System32\CTBAS2W.DAT
[2008/02/20 15:44:34 | 000,274,587 | ---- | C] () -- C:\Windows\System32\CTSBAS2W.DAT
[2008/02/20 15:44:26 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2008/02/20 15:44:26 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2008/02/20 15:44:10 | 000,313,207 | ---- | C] () -- C:\Windows\System32\CTSTATIC.DAT
[2008/02/20 15:44:10 | 000,053,932 | ---- | C] () -- C:\Windows\System32\CTDAUGHT.DAT
[2008/01/12 16:13:21 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/01/12 16:13:13 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/12/09 10:29:48 | 000,000,119 | ---- | C] () -- C:\Windows\civ.ini
[2007/12/08 07:12:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007/12/08 07:12:18 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2007/12/08 07:12:11 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2007/10/14 08:11:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/10/02 07:16:32 | 000,061,678 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PFP110JPR.{PB
[2007/10/02 07:16:32 | 000,012,358 | ---- | C] () -- C:\Users\GOLIATH\AppData\Roaming\PFP110JCM.{PB
[2007/09/30 13:14:50 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2007/09/27 10:24:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/09/27 10:24:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/09/27 10:24:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/09/26 19:44:12 | 000,000,501 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/09/24 14:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2007/09/24 11:31:05 | 000,000,000 | ---- | C] () -- C:\Windows\ins.INI
[2007/09/23 14:50:23 | 000,000,785 | ---- | C] () -- C:\Windows\DR2.ini
[2007/09/15 04:51:11 | 000,202,240 | ---- | C] () -- C:\Windows\patchw32.dll
[2007/09/11 18:03:04 | 000,047,109 | ---- | C] () -- C:\Windows\War3Unin.dat
[2007/09/11 17:42:52 | 000,029,384 | ---- | C] () -- C:\Windows\scunin.dat
[2007/09/11 06:40:58 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/09/11 03:49:39 | 000,000,095 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\fusioncache.dat
[2007/09/10 12:58:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/09/10 11:25:29 | 000,158,720 | ---- | C] () -- C:\Windows\RefUinst.exe
[2007/09/10 05:49:39 | 000,000,767 | ---- | C] () -- C:\Windows\BZII.INI
[2007/09/10 04:29:49 | 000,000,489 | ---- | C] () -- C:\Windows\Disney.ini
[2007/09/10 04:29:42 | 000,000,305 | ---- | C] () -- C:\Windows\EReg515.dat
[2007/09/09 18:22:54 | 000,000,676 | ---- | C] () -- C:\Windows\EReg072.dat
[2007/09/02 09:19:22 | 000,000,799 | ---- | C] () -- C:\Windows\CoDUO.INI
[2007/09/02 09:10:34 | 000,000,754 | ---- | C] () -- C:\Windows\CoD.INI
[2007/08/22 14:20:16 | 000,002,333 | ---- | C] () -- C:\Windows\eReg.dat
[2007/08/18 05:35:40 | 000,049,152 | ---- | C] () -- C:\Windows\Iniexpander.exe
[2007/08/18 05:30:21 | 000,000,228 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/08/13 15:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2007/08/13 08:40:40 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/13 08:40:21 | 000,118,784 | ---- | C] () -- C:\Windows\GREUninstall.exe
[2007/08/13 08:40:18 | 000,005,395 | ---- | C] () -- C:\Windows\mozver.dat
[2007/08/10 03:17:50 | 000,000,219 | ---- | C] () -- C:\Windows\RomeTW.ini
[2007/08/07 08:38:29 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2007/08/07 08:29:35 | 000,023,552 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/07 07:38:15 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/08/07 06:42:38 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007/08/07 06:42:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/08/07 06:38:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/01 11:07:52 | 000,001,356 | ---- | C] () -- C:\Users\GOLIATH\AppData\Local\d3d9caps.dat
[2007/07/25 22:53:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/07/25 22:49:28 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/03/22 21:33:00 | 000,516,096 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,423,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,020 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,018 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/07/20 12:31:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\_inmm.dll
[2003/02/07 14:31:48 | 000,000,260 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI

========== LOP Check ==========

[2010/10/22 23:17:47 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\.minecraft
[2009/08/14 00:48:58 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\.purple
[2008/01/12 16:20:53 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Ascaron Entertainment
[2007/11/25 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Bioshock
[2009/02/11 11:59:34 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\BitDefender
[2007/11/18 14:27:11 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Bluecave Software
[2011/04/20 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\CoffeeCup Software
[2010/02/14 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Facebook
[2010/06/12 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\FreeAudioPack
[2009/03/15 16:46:20 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\gtk-2.0
[2007/08/09 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\JGsoft
[2007/08/10 12:08:45 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Leadertech
[2007/08/31 18:05:55 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\LucasArts
[2009/10/09 18:29:16 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Battle for Middle-earth Files
[2007/12/14 12:42:14 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2007/08/07 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My Games
[2007/12/16 07:18:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
[2009/12/11 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\PACE Anti-Piracy
[2007/08/31 18:06:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Petroglyph
[2010/08/27 21:50:19 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\PolyView
[2007/11/10 09:23:02 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Seven Zip
[2007/08/13 17:08:53 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\Smart Recorder
[2010/02/14 00:20:35 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\SystemRequirementsLab
[2011/02/28 20:46:39 | 000,000,000 | ---D | M] -- C:\Users\GOLIATH\AppData\Roaming\The Creative Assembly
[2011/05/06 12:26:47 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/05 11:00:04 | 000,001,684 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L2F338C82EDAD44F4941FC0E2065D7828.job

========== Purity Check ==========

< End of report >

Thanks for your patience. I really appreciate your help.

broni · 2011/05/06

Any current issues?

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Log in or Sign up

Solved Log files for review

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Log files for review

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Xd23bgt Inactive Thread Starter

Xd23bgt Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches