Here they all are.... [b] In - Log - m520b8acd

Here they all are....
[b]
Info: [/b]
[code]info.txt logfile of random's system information tool 1.06 2010-02-09 16:40:01

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
183082-->MsiExec.exe /X{33B39446-C34C-4552-BE88-FE217D79C868}
3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acrobat.com-->MsiExec.exe /I{27F00C63-449B-2FAB-CBE8-24AB80E17449}
ActivePerl 5.10.0 Build 1005-->MsiExec.exe /I{FD025150-EEA0-4CAC-BED1-B9837783FCC8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9  /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9  /remove
AIM 6-->C:\Program Files\AIM6\uninst.exe
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Any Video Converter 2.7.9-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom NetXtreme II Driver Installer-->MsiExec.exe /I{70C5AEBE-FAF7-4C58-80D2-B3C4B7179D5D}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon iP1800 series User Registration-->C:\Program Files\Canon\IJEREG\iP1800 series\UNINST.EXE
Canon iP1800 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Creative Live! Cam Doodling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9  /remove
Creative Live! Cam Video IM Pro Driver (1.03.02.00)-->C:\Windows\CtDrvIns.exe -uninstall -script VF0230.uns -unsext NT -plugin V0230Pin.dll -pluginres CtCamPin.crl
Dell Dock-->"C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Dock-->C:\ProgramData\{7322D736-AA5F-4DD0-8E33-EA48318CC276}\delldock.exe
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Video Chat (remove only)-->C:\Program Files\Dell Video Chat\uninst.exe
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9  /remove
DELL Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9  /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Google Gears-->MsiExec.exe /I{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Integrated Webcam Driver (1.03.02.0919)  -->C:\Windows\CtDrvIns.exe -uninstall -script OA001.uns -plugin OA001Pin.dll -pluginres OA001Pin.crl -nodisconprompt -langid 0x0409
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LimeWire 5.2.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
muvee Plugin 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82CA0A0C-A3EC-4167-B694-909205B2EDEC}\setup.exe" -l0x9
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.2.1 beta-->"C:\Program Files\WinSCP\unins000.exe"
YouTube Account Creator-->MsiExec.exe /I{4D28A974-F0D8-4C8E-B5DD-980D8D3663EE}
z2 Remote2PC 1.3 Build 1323-->C:\Program Files\z2 Remote2PC\uninst.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1       www.007guard.com
127.0.0.1       007guard.com
127.0.0.1       008i.com
127.0.0.1       www.008k.com
127.0.0.1       008k.com
127.0.0.1       www.00hq.com
127.0.0.1       00hq.com
127.0.0.1       010402.com
127.0.0.1       www.032439.com
127.0.0.1       032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Santa-PC2
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 33848
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20090407004343.000000-000
Event Type: Warning
User:

Computer Name: Santa-PC2
Event Code: 7
Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 38 seconds since the last report.
Record Number: 33868
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090407033439.502000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Santa-PC2
Event Code: 7
Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 38 seconds since the last report.
Record Number: 33869
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20090407033439.502000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Santa-PC2
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 33929
Source Name: k57nd60x
Time Written: 20090407170225.734923-000
Event Type: Warning
User:

Computer Name: Santa-PC2
Event Code: 6008
Message: The previous system shutdown at 11:41:07 PM on 4/6/2009 was unexpected.
Record Number: 33934
Source Name: EventLog
Time Written: 20090407170251.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Santa-PC2
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 252434
Source Name: SideBySide
Time Written: 20100210004035.000000-000
Event Type: Error
User:

Computer Name: Santa-PC2
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 252435
Source Name: SideBySide
Time Written: 20100210004042.000000-000
Event Type: Error
User:

Computer Name: Santa-PC2
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 252436
Source Name: SideBySide
Time Written: 20100210004049.000000-000
Event Type: Error
User:

Computer Name: Santa-PC2
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 252437
Source Name: SideBySide
Time Written: 20100210004056.000000-000
Event Type: Error
User:

Computer Name: Santa-PC2
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 252438
Source Name: SideBySide
Time Written: 20100210004103.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Santa-PC2
Event Code: 4688
Message: A new process has been created.

Subject:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746

Process Information:
        New Process ID:         0x1874
        New Process Name:       C:\Program Files\Internet Explorer\iexplore.exe
        Token Elevation Type:   TokenElevationTypeDefault (1)
        Creator Process ID:     0xec8

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 63045
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209085933.072025-000
Event Type: Audit Success
User:

Computer Name: Santa-PC2
Event Code: 4696
Message: A primary token was assigned to process.

Subject:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746

Process Information:
        Process ID:     0xec8
        Process Name:   C:\Program Files\Internet Explorer\iexplore.exe

Target Process:
        Target Process ID:      0x1874
        Target Process Name:    C:\Program Files\Internet Explorer\iexplore.exe

New Token Information:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746
Record Number: 63046
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209085933.073025-000
Event Type: Audit Success
User:

Computer Name: Santa-PC2
Event Code: 4688
Message: A new process has been created.

Subject:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746

Process Information:
        New Process ID:         0x1584
        New Process Name:       C:\Program Files\Java\jdk1.6.0_11\bin\bin\ssvagent.exe
        Token Elevation Type:   TokenElevationTypeDefault (1)
        Creator Process ID:     0x1874

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Record Number: 63047
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209085936.045025-000
Event Type: Audit Success
User:

Computer Name: Santa-PC2
Event Code: 4689
Message: A process has exited.

Subject:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746

Process Information:
        Process ID:     0x1584
        Process Name:   C:\Program Files\Java\jdk1.6.0_11\bin\bin\ssvagent.exe
        Exit Status:    0x0
Record Number: 63048
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209085937.146025-000
Event Type: Audit Success
User:

Computer Name: Santa-PC2
Event Code: 4689
Message: A process has exited.

Subject:
        Security ID:            S-1-5-21-1864734467-1502112414-1167469204-1014
        Account Name:           Guest User
        Account Domain:         Santa-PC2
        Logon ID:               0x35746

Process Information:
        Process ID:     0x1d70
        Process Name:   C:\Windows\System32\SearchProtocolHost.exe
        Exit Status:    0x0
Record Number: 63049
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209090047.697025-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;c:\Program Files\Microsoft SQL Server\100\Tools\Binn;c:\Program Files\Microsoft SQL Server\100\DTS\Binn;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jdk1.6.0_11\bin\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jdk1.6.0_11\bin\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
[/code]

[b]Log:[/b]
[code]
Logfile of random's system information tool 1.06 (written by random/random)
Run by Santa at 2010-02-09 16:39:16
Microsoft� Windows Vista� Home Premium  Service Pack 1
System drive C: has 148 GB (65%) free of 228 GB
Total RAM: 3061 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:53 PM, on 2/9/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jdk1.6.0_11\bin\bin\jusched.exe
C:\Windows\V0230Mon.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Santa\Desktop\RSIT.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\Santa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jdk1.6.0_11\bin\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jdk1.6.0_11\bin\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1864734467-1502112414-1167469204-1014\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Guest User')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - ALWIL Software - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9af2a4ed18150) (gupdate1c9af2a4ed18150) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Windows\System32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: z2 Remote2PC Server (z2 R2PC Server) - z2 Software - C:\Program Files\z2 Remote2PC\R2PCServ.exe

--
End of file - 9778 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864734467-1502112414-1167469204-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864734467-1502112414-1167469204-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-08 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jdk1.6.0_11\bin\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} -  []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-08 263280]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-11-17 3810304]
"SunJavaUpdateSched"=C:\Program Files\Java\jdk1.6.0_11\bin\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"V0230Mon.exe"=C:\Windows\V0230Mon.exe [2006-09-07 32768]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-10 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"Google Update"=C:\Users\Santa\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-18 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\DellTPad\Apoint.exe [2008-06-30 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\Windows\system32\WLTRAY.exe [2008-11-17 3810304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-10-04 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-03-10 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-03-10 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-03-10 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\Dell Video Chat\DellVideoChat.exe [2008-08-15 4812664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jdk1.6.0_11\bin\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-10 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-08-29 442460]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
C:\Windows\V0230Mon.exe [2006-09-07 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
C:\PROGRA~1\Dell\QuickSet\quickset.exe [2008-05-02 1211472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Santa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2009-10-19 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Santa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-12-10 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-10 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open -

======List of files/folders created in the last 1 months======

2010-02-09 16:39:16 ----D---- C:\rsit
2010-02-09 16:39:16 ----D---- \rsit
2010-02-09 16:20:44 ----A---- C:\RootRepeal report 02-09-10 (16-20-44).txt
2010-02-09 16:20:44 ----A---- \RootRepeal report 02-09-10 (16-20-44).txt
2010-02-09 15:49:04 ----A---- C:\RootRepeal report 02-09-10 (15-49-04).txt
2010-02-09 15:49:04 ----A---- \RootRepeal report 02-09-10 (15-49-04).txt
2010-02-09 15:48:23 ----A---- C:\RootRepeal report 02-09-10 (15-48-23).txt
2010-02-09 15:48:23 ----A---- \RootRepeal report 02-09-10 (15-48-23).txt
2010-02-08 14:41:23 ----D---- C:\Program Files\iPod
2010-02-08 14:41:19 ----D---- C:\Program Files\iTunes
2010-02-06 22:34:40 ----D---- C:\Avenger
2010-02-06 22:34:40 ----D---- \Avenger
2010-02-06 22:34:39 ----A---- C:\avenger.txt
2010-02-06 22:34:39 ----A---- \avenger.txt
2010-02-06 19:34:25 ----A---- C:\Windows\ntbtlog.txt
2010-02-03 23:04:15 ----A---- C:\ComboFix.txt
2010-02-03 23:04:15 ----A---- \ComboFix.txt
2010-02-03 22:55:03 ----SHD---- C:\$RECYCLE.BIN
2010-02-03 22:55:03 ----SHD---- \$RECYCLE.BIN
2010-02-03 22:28:12 ----A---- C:\Windows\MBR.exe
2010-02-03 22:28:11 ----A---- C:\Windows\zip.exe
2010-02-03 22:28:11 ----A---- C:\Windows\SWSC.exe
2010-02-03 22:28:11 ----A---- C:\Windows\SWREG.exe
2010-02-03 22:28:11 ----A---- C:\Windows\sed.exe
2010-02-03 22:28:11 ----A---- C:\Windows\PEV.exe
2010-02-03 22:28:11 ----A---- C:\Windows\NIRCMD.exe
2010-02-03 22:28:11 ----A---- C:\Windows\grep.exe
2010-02-03 22:22:13 ----D---- C:\Qoobox
2010-02-03 22:22:13 ----D---- \Qoobox
2010-02-03 22:21:52 ----A---- C:\Windows\SWXCACLS.exe
2010-02-01 19:34:43 ----A---- C:\Windows\wininit.ini
2010-02-01 19:15:59 ----D---- C:\Program Files\TrendMicro
2010-02-01 19:12:00 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-01 18:57:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-27 16:58:05 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-23 01:09:07 ----D---- C:\Adobe CS4
2010-01-23 01:09:07 ----D---- \Adobe CS4
2010-01-23 00:12:55 ----D---- C:\Program Files\Common Files\Akamai
2010-01-22 22:33:20 ----SHD---- C:\Windows\system32\%APPDATA%
2010-01-22 19:31:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 19:31:51 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 19:31:49 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 19:31:49 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 19:31:48 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 19:31:48 ----A---- C:\Windows\system32\occache.dll
2010-01-22 19:31:48 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 19:31:47 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 19:31:47 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 19:31:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 19:31:46 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 19:31:46 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 19:31:45 ----A---- C:\Windows\system32\iernonce.dll
2010-01-12 20:47:26 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 20:47:25 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-09 16:39:53 ----D---- C:\Program Files\Trend Micro
2010-02-09 16:39:33 ----D---- C:\Windows\Prefetch
2010-02-09 16:39:25 ----D---- C:\Windows\Temp
2010-02-09 16:13:24 ----D---- C:\Windows\Tasks
2010-02-09 15:49:37 ----D---- C:\Windows\system32\drivers
2010-02-09 11:50:16 ----D---- C:\Windows\System32
2010-02-09 11:50:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-09 11:50:15 ----D---- C:\Windows\inf
2010-02-09 11:43:53 ----D---- C:\Program Files\z2 Remote2PC
2010-02-09 11:42:20 ----D---- C:\Windows\system32\catroot2
2010-02-09 00:33:34 ----SHD---- C:\Windows\Installer
2010-02-09 00:33:34 ----D---- C:\Config.Msi
2010-02-09 00:33:34 ----D---- \Config.Msi
2010-02-08 14:41:23 ----D---- C:\Program Files
2010-02-08 14:41:23 ----D---- \Program Files
2010-02-08 14:41:21 ----D---- C:\Program Files\Common Files\Apple
2010-02-07 01:07:37 ----D---- C:\Windows
2010-02-07 01:07:37 ----D---- \Windows
2010-02-06 20:02:37 ----D---- C:\Program Files\Mozilla Firefox
2010-02-03 23:02:10 ----D---- C:\Windows\ERDNT
2010-02-03 22:55:07 ----A---- C:\Windows\system.ini
2010-02-03 22:37:43 ----D---- C:\Windows\AppPatch
2010-02-03 22:37:38 ----D---- C:\Program Files\Common Files
2010-02-03 16:02:06 ----D---- C:\Windows\PCHEALTH
2010-02-02 16:42:43 ----D---- C:\Windows\Icons
2010-02-01 19:34:44 ----D---- C:\Program Files\Free Offers from Freeze.com
2010-02-01 19:12:00 ----D---- C:\ProgramData
2010-02-01 19:12:00 ----D---- \ProgramData
2010-01-29 18:49:39 ----RD---- C:\Users
2010-01-29 18:49:39 ----RD---- \Users
2010-01-29 03:00:15 ----D---- C:\Windows\winsxs
2010-01-29 03:00:15 ----D---- C:\Program Files\Internet Explorer
2010-01-27 17:38:52 ----SHD---- C:\System Volume Information
2010-01-27 17:38:52 ----SHD---- \System Volume Information
2010-01-27 17:07:52 ----D---- C:\Program Files\Adobe
2010-01-27 17:06:10 ----D---- C:\Program Files\Common Files\Adobe
2010-01-27 17:04:17 ----RSD---- C:\Windows\Fonts
2010-01-26 14:17:40 ----D---- C:\Windows\system32\catroot
2010-01-25 14:16:13 ----D---- C:\Windows\system32\Tasks
2010-01-23 03:15:44 ----D---- C:\Windows\system32\migration
2010-01-22 22:31:12 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 22:11:10 ----D---- C:\Program Files\CCleaner
2010-01-22 22:09:10 ----D---- C:\Windows\Debug
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-14 03:02:36 ----D---- C:\Program Files\Windows Mail
2010-01-12 20:02:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-12 20:02:24 ----D---- C:\Program Files\Creative
2010-01-12 19:42:46 ----RSD---- C:\Windows\assembly
2010-01-12 19:42:25 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-01-12 19:42:25 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-12 19:35:56 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-05-28 130080]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-05-28 28704]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 25208]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-03-10 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-03-10 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-03-10 38400]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-12-10 113664]
R2 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-11-22 446664]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-06-30 170032]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-11-17 1331192]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-10 2302976]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-10 111616]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-03-10 203264]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-10-04 115312]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-01-07 19160]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2008-10-05 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2008-10-05 277440]
R3 radpms;Driver for RADPMS Device; C:\Windows\system32\DRIVERS\radpms.sys [2008-07-24 12192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-08-29 382976]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
S1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
S1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-11-17 18424]
S3 catchme;catchme; \??\C:\Windows\TEMP\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Santa\AppData\Local\Temp\FKOF70.tmp []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 ntkvpn;Loki VPN Driver Service; C:\Windows\system32\DRIVERS\ntkvpn.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-01 2028032]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device; C:\Windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS []
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-11-19 25216]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-09-15 32768]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 7680]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 V0230Vfx;V0230Vfx; C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 6272]
S3 V0230VID;Live! Cam Video IM Pro; C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 509760]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 94992]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [2008-08-29 73728]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-10-04 201968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [2008-08-29 225362]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WindowBlinds;Stardock WindowBlinds; C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe [2008-08-29 230648]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-11-17 26112]
R2 z2 R2PC Server;z2 Remote2PC Server; C:\Program Files\z2 Remote2PC\R2PCServ.exe [2007-08-26 512000]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 gupdate1c9af2a4ed18150;Google Update Service (gupdate1c9af2a4ed18150); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-27 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 190448]
S2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe -service []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-27 655624]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-12-10 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
[/code]

[b]RootRepeal:[/b]
[code]ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/02/09 15:49
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A90A000     Size: 815104    File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB3777000     Size: 49152     File Visible: No        Signed: -
Status: -

Name: spmt.sys
Image Path: C:\Windows\System32\Drivers\spmt.sys
Address: 0x80694000     Size: 1048576   File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000     Size: 0 File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{ace728af-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace728ca-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace72928-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace72960-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace729a1-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace729d5-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace72a14-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ace72a3e-ead1-11de-bb25-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{be2989c4-e5f3-11de-835b-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f85c0137-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f85c0168-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f85c019d-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f85c01f6-f3d5-11de-97b3-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5a1401ac-f764-11de-9216-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7201103f-e647-11de-8870-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7201105b-e647-11de-8870-002219d9fde2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$I7KHDVO.dat
Status: Visible to the Windows API, but not on disk.

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$I9B31E5.dmp
Status: Visible to the Windows API, but not on disk.

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$IWUDRLF.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$R7KHDVO.dat
Status: Visible to the Windows API, but not on disk.

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$R9B31E5.dmp
Status: Visible to the Windows API, but not on disk.

Path: C:\$RECYCLE.BIN\S-1-5-21-1864734467-1502112414-1167469204-1000\$RWUDRLF.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\ProgramData\Microsoft\Windows Defender\Quarantine
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: c:\windows\temp\dwdd703.tmp\rootrepeal.exe.hu.kdmp
Status: Allocation size mismatch (API: 26476544, Raw: 0)

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d08b763a442c70c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4dddbf6711947267.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_03c84dcc205e88fb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1833_none_516c26fb0f4a960b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_cbf00aee470f5fb7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.1833_none_d1c5318643596706.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_49ed4131141912ee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.1833_none_4db05f807dd45954.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-aero_31bf3856ad364e35_6.0.6001.18000_none_abe3118b19699649\aero.msstyles.vgorg
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll.vgorg
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.0.6001.18000_none_84fe96731b81293b\themeui.dll.vgorg
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.0.6001.18000_none_a5e49ad4068f9b12\uxtheme.dll.vgorg
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18865_none_474fb235c4186a78\$$DeleteMe.ieframe.dll.01ca9c1d67aaec80.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18865_none_2a50efefa27d9172\$$DeleteMe.iertutil.dll.01ca9c1d67a08c40.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_none_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_none_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_none_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_none_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.16708_none_23cb592eb6e076f6\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_c5e14f032f533a9c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_c6260b1e48a51cb0\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_c7643be32cc49731\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.18096_none_254e460eb451d38b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6001.22208_none_263b349fcd24a7b1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_4180b46a5c473b6d\_SMSVC~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_h_31bf3856ad36Processes
-------------------
Path: System
PID: 4  Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1388       Status: Locked to the Windows API!

SSDT
-------------------
#: 012  Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe00fa

#: 021  Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe10a8

#: 022  Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe02e0

#: 054  Function Name: NtConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf472

#: 060  Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5660d8

#: 064  Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d584aa6

#: 071  Function Name: NtCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf150

#: 075  Function Name: NtCreateSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdfb0c

#: 077  Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0d7e

#: 078  Function Name: NtCreateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abded16

#: 122  Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d566f9a

#: 123  Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5864bc

#: 126  Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d585db2

#: 129  Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdea78

#: 165  Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0a00

#: 166  Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d586e86

#: 167  Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5870c4

#: 168  Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587576

#: 174  Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf6f6

#: 186  Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d566a8c

#: 194  Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abde7a8

#: 197  Function Name: NtOpenSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf986

#: 201  Function Name: NtOpenThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abde920

#: 267  Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d58830c

#: 268  Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587840

#: 276  Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf26e

#: 280  Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d587f4c

#: 286  Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe079c

#: 301  Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5673a4

#: 314  Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d588894

#: 317  Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe0bae

#: 324  Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9d5854d6

#: 326  Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf690

#: 332  Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf87a

#: 334  Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdf01a

#: 335  Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abdeee8

#: 382  Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8abe03ec

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x859181f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_CREATE]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_CLOSE]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_READ]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_WRITE]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_SET_INFORMATION]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_QUERY_EA]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_SET_EA]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_SHUTDOWN]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_CLEANUP]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: fastfat&#45142;&#1037;&#19782;&#27763;&#61953;`&#12580;&#45865;&#12580;&#45865;&#36872;&#34390;&#12536;&#45865;&#54108;&#33462;&#56824;&#39673;, IRP_MJ_PNP]
Process: System Address: 0xb058e1f8     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x869e8500     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_CREATE]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_CLOSE]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_READ]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_WRITE]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_POWER]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: cdrom&#65535;&#65535;&#65535;&#1439;&#28755;&#25716;&#36872;&#34193;, IRP_MJ_PNP]
Process: System Address: 0x86a2a4d0     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_CREATE]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_CLOSE]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_CLEANUP]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: Smb&#21069;&#25668;&#8299;&#55296;&#40190;&#24128;&#34430;�&#4618;, IRP_MJ_PNP]
Process: System Address: 0x870c1500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_CREATE]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_CLOSE]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_CLEANUP]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: netbt&#34533;, IRP_MJ_PNP]
Process: System Address: 0x86f5c500     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_CREATE]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_CLOSE]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_POWER]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: iScsiPrt&#1038;&#27981;&#25676;&#45104;&#34465;&#64752;&#34475;&#45568;&#37269;, IRP_MJ_PNP]
Process: System Address: 0x86a26458     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84b521f8     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_CREATE]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_CLOSE]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_POWER]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: usbehci&#65535;&#1030;&#20294;&#22595;, IRP_MJ_PNP]
Process: System Address: 0x869f9500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_CREATE]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_CLOSE]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_READ]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_WRITE]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_QUERY_EA]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SET_EA]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_CLEANUP]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_POWER]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: mrxsmb&#17152;&#39665;&#1030;&#29774;&#28262;&#1799;$, IRP_MJ_PNP]
Process: System Address: 0x85960500     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_CREATE]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_CLOSE]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_READ]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_WRITE]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_SET_INFORMATION]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_SHUTDOWN]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_CLEANUP]
Process: System Address: 0xb646c1f8     Size: 121

Object: Hidden Code [Driver: cdfs&#1029;&#29774;&#30822;, IRP_MJ_PNP]
Process: System Address: 0xb646c1f8     Size: 121

==EOF==
[/code]