Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Extremely elusive Trojan-PSW.Win32.Agent.pew


  • This topic is locked This topic is locked
11 replies to this topic

#1 Swayvo

Swayvo

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 17 March 2010 - 05:03 PM

None of my virus scanners have found this virus, what actually found it was my World of Warcraft launcher.
Before i can log in i get the message:
"'100211-Trojan-PSW.Win32.Agent.pew' has been detected on your computer. Running this program may compromise the security of your computer and jeopardize your ability to play World Of Warcraft. It is highly advised that you correct this problem before playing the game."
The only problem is that i cannot get rid of this trojan!
I've run AVG, a-squared, Comod, and TrojanHunter.
None of them found it, even when run in Safe Mode.

Here is my DDS Log, and i'll attach the Attach.txt file.

DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by RAC at 14:17:35.79 on Wed 03/17/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1022.270 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\TrojanHunter 5.3\THGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Users\RAC\AppData\Local\Apps\2.0\2G8ARJW3.A64\BADTVBLR.0DP\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Windows\System32\wscript.exe
C:\Users\RAC\Desktop\dds.scr
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer provided by Qwest
uSearch Bar =
mStart Page = hxxp://qwest.live.com
mDefault_Page_URL = hxxp://qwest.live.com
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ctfmon.exe] c:\windows\system32\rundll32.exe c:\users\rac\appdata\local\temp\28927sys.dll,S
mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [THGuard] "c:\program files\trojanhunter 5.3\THGuard.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\users\rac\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\rac\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\rac\appdata\roaming\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\creata~1.lnk - c:\program files\creatacard\gold\FMRemind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\rac\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: mhcontemporary.com\www
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/PopularScreenSaversFWBInitialSetup1.0.1.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: {A0F8CDF2-4D71-4D52-B393-5B9BA3C1D307} = 205.171.3.25,205.171.2.25
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rac\appdata\roaming\mozilla\firefox\profiles\plvhg580.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-7 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-7 27784]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-7-26 23096]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-03-16 20:51:12 0 ----a-w- c:\users\rac\defogger_reenable
2010-03-16 07:09:53 0 d-----w- c:\users\rac\appdata\roaming\TrojanHunter
2010-03-15 22:07:40 0 d-----w- c:\program files\TrojanHunter 5.3
2010-03-11 10:02:30 14848 ----a-w- c:\windows\system32\iisreset.exe
2010-03-11 10:02:29 8192 ----a-w- c:\windows\system32\iisrstap.dll
2010-03-11 10:02:28 148480 ----a-w- c:\windows\system32\iisRtl.dll
2010-03-11 10:02:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 10:02:13 51200 ----a-w- c:\windows\system32\admwprox.dll
2010-03-11 10:02:04 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 10:02:03 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 10:01:57 10752 ----a-w- c:\windows\system32\wamregps.dll
2010-03-11 06:13:04 0 d-----w- c:\programdata\XoftSpySE
2010-03-10 23:00:08 0 d--h--w- C:\Sandbox
2010-03-10 22:58:22 0 d-----w- c:\programdata\COMODO
2010-03-10 22:57:57 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-10 22:33:53 0 d-----w- c:\program files\COMODO
2010-03-10 21:21:48 0 d-----w- c:\programdata\Comodo Downloader
2010-03-08 00:43:51 0 d-----w- c:\program files\a-squared Free
2010-02-24 13:48:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 13:47:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 13:47:28 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 13:47:27 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 13:47:25 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 13:47:23 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 13:47:22 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:47:18 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 13:47:18 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 13:47:18 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-20 03:09:02 0 d-----w- c:\program files\Starcraft
2010-02-16 07:48:34 0 d-----w- c:\program files\Gmask 1.70 English

==================== Find3M ====================

2010-03-14 22:43:18 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-14 22:43:18 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-14 22:43:18 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-02 08:55:00 141289 ----a-w- c:\windows\hpoins14.dat
2010-01-11 14:27:35 1322 ----a-w- c:\users\rac\appdata\roaming\wklnhst.dat
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 12:52:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48:23 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46:10 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-04-12 10:15:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-12 12:30:46 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-29 22:14:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-29 22:14:01 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-29 22:14:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-11 12:27:57 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-03-11 12:27:57 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-03-11 12:27:57 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2007-03-08 17:20:31 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:21:18.43 ===============

I cannot post a GMER log due to the fact that every time i run GMER, my computer freezes during the scan. -_-

As i previously stated, the Attach.txt file created by DDS is attached.

Thank you in advance for any help you can provide. smile.gif



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 20 March 2010 - 11:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Swayvo

Swayvo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 20 March 2010 - 07:37 PM

OTL.txt:
OTL logfile created on: 3/20/2010 4:51:43 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\RAC\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 11.95 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.09 Gb Free Space | 60.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMS
Current User Name: RAC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 16:50:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
PRC - [2010/03/15 14:52:08 | 001,068,192 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\THGuard.exe
PRC - [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/08/27 08:05:04 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/08/27 08:05:04 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/17 08:03:27 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/17 08:03:12 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/20 19:52:31 | 000,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 18:32:40 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/31 08:11:04 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
PRC - [2008/04/09 18:30:20 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
PRC - [2007/08/29 10:55:54 | 001,347,584 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/12 01:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [1998/08/31 03:00:00 | 000,189,952 | ---- | M] (Micrografx, Inc.) -- C:\Program Files\CreataCard\Gold\FMRemind.exe


========== Modules (SafeList) ==========

MOD - [2010/03/20 16:50:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
MOD - [2010/03/09 19:28:29 | 000,115,224 | ---- | M] (Blizzard Entertainment) -- C:\Users\RAC\AppData\Local\Temp\28927sys.dll
MOD - [2009/08/17 08:03:27 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/05/31 08:11:08 | 000,116,000 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Qwest\Quickcare\bin\sprthook.dll
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/20 16:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/02/20 16:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/02/12 19:23:32 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/08/27 08:05:04 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/17 08:03:12 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/18 12:22:44 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2007/01/16 20:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2009/08/17 08:03:27 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/17 08:03:27 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/24 07:58:56 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2008/12/16 23:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 22:53:44 | 002,686,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/23 09:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 09:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 09:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/03/08 10:20:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/03/08 10:20:30 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/03/08 10:20:30 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/22 15:56:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/11/02 01:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/24 21:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/06/19 14:26:50 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\System32\mdmxsdk.dll -- (mdmxsdk)
DRV - [2004/03/19 17:11:22 | 000,090,968 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 09:44:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/22 09:04:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/15 10:35:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/15 10:35:05 | 000,000,000 | ---D | M]

[2009/08/13 01:15:36 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Extensions
[2008/05/06 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/08/13 01:15:36 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/03/26 14:45:28 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/03/20 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions
[2009/04/01 11:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2008/10/18 13:42:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/24 00:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/04/29 23:47:46 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/10/27 12:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/21 16:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/19 02:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/03/22 20:01:09 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2008/10/06 20:24:36 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\moveplayer@movenetworks.com
[2008/10/07 09:09:48 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\npmozax@real.com
[2008/07/01 14:26:45 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\OberonGameHost@OberonGames.com
[2010/02/21 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\plvhg580.default\extensions\staged-xpis
[2009/04/29 23:47:33 | 000,002,038 | ---- | M] () -- C:\Users\RAC\AppData\Roaming\Mozilla\FireFox\Profiles\plvhg580.default\searchplugins\AIM Search.xml
[2008/12/12 11:23:54 | 000,002,158 | ---- | M] () -- C:\Users\RAC\AppData\Roaming\Mozilla\FireFox\Profiles\plvhg580.default\searchplugins\MySpace.xml
[2009/03/21 19:00:10 | 000,009,895 | ---- | M] () -- C:\Users\RAC\AppData\Roaming\Mozilla\FireFox\Profiles\plvhg580.default\searchplugins\mywebsearch.xml
[2009/03/22 20:01:07 | 000,003,915 | ---- | M] () -- C:\Users\RAC\AppData\Roaming\Mozilla\FireFox\Profiles\plvhg580.default\searchplugins\sweetim.xml
[2009/05/03 22:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/12 09:11:45 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Program Files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/09/12 09:11:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/03 22:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\npmozax@real.com
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/03/30 17:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
[2008/08/31 17:20:02 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000..\Run: [ctfmon.exe] C:\Users\RAC\AppData\Local\Temp\28927sys.DLL (Blizzard Entertainment)
O4 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\RAC\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: mhcontemporary.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2138957976-3906981958-2417775570-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.0.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{79204c44-b997-11de-9591-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79204c44-b997-11de-9591-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8c1bb395-15b1-11dd-9b25-00038a000015}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{998fdd2f-3bfc-11de-8ed2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{998fdd2f-3bfc-11de-8ed2-00038a000015}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 04:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: msliksurserv.sys - File not found
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: msliksurserv.sys - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{488C67A4-9FD9-4D6E-863E-144084A20A7D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 16:50:06 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
[2010/03/17 14:09:08 | 000,000,000 | ---D | C] -- C:\Users\RAC\Desktop\gmer
[2010/03/16 00:09:53 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\TrojanHunter
[2010/03/15 15:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010/03/11 03:02:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisreset.exe
[2010/03/11 03:02:29 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisrstap.dll
[2010/03/11 03:02:28 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iisRtl.dll
[2010/03/11 03:02:21 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 03:02:13 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admwprox.dll
[2010/03/11 03:02:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/11 03:01:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wamregps.dll
[2010/03/10 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/03/10 16:00:08 | 000,000,000 | -H-D | C] -- C:\Sandbox
[2010/03/10 15:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/03/10 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/03/10 14:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/03/07 17:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/02/24 06:48:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 06:47:29 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 06:47:28 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 06:47:27 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 06:47:25 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 06:47:23 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 06:47:22 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 06:47:18 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 06:47:18 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 06:47:18 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/19 20:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft
[2004/01/28 00:59:00 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2003/12/09 21:17:00 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 17:00:02 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2010/03/20 16:58:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/20 16:54:27 | 006,291,456 | -HS- | M] () -- C:\Users\RAC\ntuser.dat
[2010/03/20 16:52:37 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 16:52:37 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 16:50:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
[2010/03/20 16:13:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/20 09:55:36 | 057,417,231 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/19 20:13:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/19 12:33:09 | 000,141,289 | ---- | M] () -- C:\Windows\hpoins14.dat
[2010/03/19 12:31:17 | 000,000,631 | ---- | M] () -- C:\Windows\win.ini
[2010/03/19 02:58:28 | 000,755,410 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/19 02:58:28 | 000,648,302 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/19 02:58:28 | 000,111,476 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/18 20:14:02 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/17 21:18:50 | 077,597,126 | ---- | M] () -- C:\Users\RAC\Desktop\AVA_LOVE.zip
[2010/03/17 14:52:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/17 14:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 14:08:24 | 000,284,915 | ---- | M] () -- C:\Users\RAC\Desktop\gmer.zip
[2010/03/17 13:56:28 | 000,525,824 | ---- | M] () -- C:\Users\RAC\Desktop\dds.scr
[2010/03/16 13:51:12 | 000,000,000 | ---- | M] () -- C:\Users\RAC\defogger_reenable
[2010/03/16 13:14:04 | 000,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2010/03/16 13:12:10 | 003,550,026 | -H-- | M] () -- C:\Users\RAC\AppData\Local\IconCache.db
[2010/03/16 11:28:14 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/03/16 01:14:56 | 000,001,356 | ---- | M] () -- C:\Users\RAC\AppData\Local\d3d9caps.dat
[2010/03/15 15:08:07 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010/03/15 15:08:02 | 000,000,776 | ---- | M] () -- C:\Users\RAC\Desktop\TrojanHunter.lnk
[2010/03/10 08:45:06 | 000,000,136 | ---- | M] () -- C:\Users\RAC\Desktop\Purble Place - Shortcut.lnk
[2010/03/07 22:26:50 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/03 17:13:26 | 000,000,721 | ---- | M] () -- C:\Windows\KA.INI
[2010/03/01 16:30:22 | 000,000,881 | ---- | M] () -- C:\Users\RAC\Desktop\YouTube Downloader.lnk
[2010/02/27 12:15:09 | 000,155,960 | ---- | M] () -- C:\Users\RAC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/25 06:59:53 | 000,484,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/20 16:55:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wamregps.dll
[2010/02/20 16:54:40 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 16:52:01 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisRtl.dll
[2010/02/20 16:52:01 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisrstap.dll
[2010/02/20 16:51:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/20 16:50:18 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admwprox.dll
[2010/02/20 14:46:39 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iisreset.exe
[2010/02/20 12:46:25 | 000,000,778 | ---- | M] () -- C:\Users\RAC\Desktop\StarCraft.lnk
[2010/02/18 19:11:21 | 000,000,000 | ---- | M] () -- C:\Users\RAC\.gtk-bookmarks
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/20 14:38:52 | 000,133,120 | ---- | C] () -- C:\Users\RAC\Desktop\LOIC.exe
[2010/03/17 20:15:01 | 077,597,126 | ---- | C] () -- C:\Users\RAC\Desktop\AVA_LOVE.zip
[2010/03/17 14:08:32 | 000,284,915 | ---- | C] () -- C:\Users\RAC\Desktop\gmer.zip
[2010/03/17 13:56:41 | 000,525,824 | ---- | C] () -- C:\Users\RAC\Desktop\dds.scr
[2010/03/16 13:51:12 | 000,000,000 | ---- | C] () -- C:\Users\RAC\defogger_reenable
[2010/03/15 15:08:02 | 000,000,776 | ---- | C] () -- C:\Users\RAC\Desktop\TrojanHunter.lnk
[2010/03/15 15:07:42 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010/03/10 15:57:57 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010/03/10 08:45:06 | 000,000,136 | ---- | C] () -- C:\Users\RAC\Desktop\Purble Place - Shortcut.lnk
[2010/03/07 22:26:50 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/20 12:46:25 | 000,000,778 | ---- | C] () -- C:\Users\RAC\Desktop\StarCraft.lnk
[2009/09/23 10:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/06/17 20:13:34 | 000,000,004 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\CA0FA4
[2009/06/17 20:13:33 | 000,870,128 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\mcs.rma
[2009/06/09 16:12:08 | 000,000,000 | ---- | C] () -- C:\Windows\Edmark.ini
[2009/06/09 16:12:04 | 000,000,519 | ---- | C] () -- C:\Windows\pipeline.ini
[2009/04/20 23:47:44 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/11 21:01:25 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/09 12:29:40 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/03/17 16:08:36 | 000,020,420 | ---- | C] () -- C:\Users\RAC\AppData\Local\slot1.mm1
[2009/01/08 23:33:21 | 000,000,384 | ---- | C] () -- C:\Windows\MSREGUSR.INI
[2009/01/08 23:32:48 | 000,302,592 | ---- | C] () -- C:\Windows\System32\pgp.dll
[2009/01/08 23:32:48 | 000,070,656 | ---- | C] () -- C:\Windows\System32\simple.dll
[2009/01/08 23:32:47 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2009/01/08 23:32:47 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2009/01/08 23:32:47 | 000,093,184 | ---- | C] () -- C:\Windows\System32\keydb.dll
[2009/01/08 23:32:47 | 000,065,024 | ---- | C] () -- C:\Windows\System32\bn.dll
[2008/12/25 09:26:09 | 000,000,046 | ---- | C] () -- C:\Windows\QTW.INI
[2008/12/25 09:25:35 | 000,000,081 | ---- | C] () -- C:\Windows\CANDYLND.INI
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/11/21 14:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/21 14:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/21 14:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/21 14:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/09/19 15:51:44 | 000,000,599 | ---- | C] () -- C:\Windows\videoimp.ini
[2008/09/19 15:51:40 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008/09/19 13:21:26 | 000,036,864 | ---- | C] () -- C:\Windows\JPGL.DLL
[2008/09/19 13:21:26 | 000,032,768 | ---- | C] () -- C:\Windows\DIV_IYUV.DLL
[2008/08/24 12:20:19 | 000,023,888 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\UserTile.png
[2008/08/19 22:48:12 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008/07/18 22:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/07/18 07:02:24 | 000,001,356 | ---- | C] () -- C:\Users\RAC\AppData\Local\d3d9caps.dat
[2008/07/18 03:47:19 | 000,126,464 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/06/09 22:07:42 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/05/28 14:38:15 | 000,000,139 | ---- | C] () -- C:\Windows\mb4.ini
[2008/04/17 09:58:23 | 000,000,721 | ---- | C] () -- C:\Windows\KA.INI
[2008/04/03 22:25:07 | 000,001,322 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\wklnhst.dat
[2008/04/02 22:43:13 | 000,000,060 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2008/03/30 22:43:20 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/03/29 23:06:19 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/29 22:10:46 | 000,013,579 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/02/26 22:22:12 | 000,000,271 | ---- | C] () -- C:\Windows\disney.ini
[2008/02/25 02:17:24 | 000,000,643 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/02/25 02:17:21 | 000,328,704 | ---- | C] () -- C:\Windows\System32\dosfnt32.dll
[2008/02/14 19:34:39 | 000,058,368 | ---- | C] () -- C:\Users\RAC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/08 10:20:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/08 02:46:28 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2006/11/07 12:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\logevent.dll
[2006/11/02 01:43:04 | 000,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/10/21 16:40:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1998/03/10 08:10:54 | 000,009,317 | ---- | C] () -- C:\Windows\Froggersetup.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 02:46:03 | 000,061,952 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,061,952 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\logevent.dll
[2006/11/02 02:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/06/20 19:15:28 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2007/03/08 10:20:01 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2007/03/08 10:20:01 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007/03/08 10:20:01 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007/03/08 10:20:01 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007/03/08 10:20:30 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007/03/08 10:20:30 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\drivers\atapi.sys
[2007/03/08 10:20:30 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007/03/08 10:20:30 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/01/18 22:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/18 22:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 21:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006/11/02 02:46:03 | 000,061,952 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: LOGEVENT.DLL >
[2006/11/02 02:46:03 | 000,061,952 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2007/01/05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2007/01/05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\Custom\Custom] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8342.tmp\ZAP8342.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\temp\temp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.1\CONFLICT.1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.10\CONFLICT.10] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.11\CONFLICT.11] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.12\CONFLICT.12] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.13\CONFLICT.13] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.14\CONFLICT.14] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.15\CONFLICT.15] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.16\CONFLICT.16] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.17\CONFLICT.17] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.18\CONFLICT.18] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.19\CONFLICT.19] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.2\CONFLICT.2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.20\CONFLICT.20] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.21\CONFLICT.21] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.22\CONFLICT.22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.23\CONFLICT.23] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.24\CONFLICT.24] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.25\CONFLICT.25] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.26\CONFLICT.26] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.27\CONFLICT.27] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.28\CONFLICT.28] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.29\CONFLICT.29] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.3\CONFLICT.3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.30\CONFLICT.30] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.31\CONFLICT.31] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.32\CONFLICT.32] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.33\CONFLICT.33] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.34\CONFLICT.34] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.35\CONFLICT.35] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.36\CONFLICT.36] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.37\CONFLICT.37] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.38\CONFLICT.38] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.39\CONFLICT.39] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.4\CONFLICT.4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.40\CONFLICT.40] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.41\CONFLICT.41] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.42\CONFLICT.42] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.43\CONFLICT.43] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.5\CONFLICT.5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.6\CONFLICT.6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.7\CONFLICT.7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.8\CONFLICT.8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Downloaded Program Files\CONFLICT.9\CONFLICT.9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ehome\CreateDisc\style\style] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ftpcache\ftpcache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Globalization\Globalization] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Help\Corporate\Corporate] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\inf\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\341AFAF514BAAAA438FF893232671C5B\3.20.0\3.20.0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Microsoft.NET\authman\authman] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\msdownld.tmp\msdownld.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\nap\configuration\configuration] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Pixart\PXIINST-32\PXIINST-32] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\PLA\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SchCache\SchCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\security\templates\templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16922_none_c5603d92a849343f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.21122_none_c5e9b27fc167074b\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.21122_none_c5e9b27fc167074b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.18326_none_c74a7d60a56c2a8c\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.18326_none_c74a7d60a56c2a8c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.22515_none_c7ddebb3be829235\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.22515_none_c7ddebb3be829235] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6002.18106_none_c9469106a28244f5\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6002.18106_none_c9469106a28244f5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\048167a0e1ade3ad1df23834faa1532e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6002.22218_none_c9c75e79bba6335e\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6002.22218_none_c9c75e79bba6335e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16960_none_f06101a86e846151\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16960_none_f06101a86e846151] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21162_none_f0ec772987a0670b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21162_none_f0ec772987a0670b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18364_none_f24b41766ba7579e\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18364_none_f24b41766ba7579e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22564_none_f2d4e02784c4f48f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22564_none_f2d4e02784c4f48f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18146_none_f44955b068bba4b5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18146_none_f44955b068bba4b5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\0ed8525cd34c2e596682ba760f74f197\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22268_none_f4bf533781e7af0f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22268_none_f4bf533781e7af0f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16939_none_b3c27d2921dd6669\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16939_none_b3c27d2921dd6669] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21142_none_b43a20243b09a405\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21142_none_b43a20243b09a405] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18344_none_b598ea711f109498\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18344_none_b598ea711f109498] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22544_none_b6228922382e3189\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22544_none_b6228922382e3189] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18124_none_b794fe171c26af01\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18124_none_b794fe171c26af01] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22247_none_b80bfbe83551d2b2\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22247_none_b80bfbe83551d2b2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\19dcb4d7ce20e97b7a9f6c3ca4d2bfdf\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_6a4b28f6b6fb9243] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_6ad49de3d019654f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_6c34687ab41f6f39] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_6c6c8757cd796d3e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_6dc25a6eb1887137] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1a0b7baeebffa6ce5672fb92bf0f43c5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_6e402703caaf139b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.16977_none_01ab47d21332f233\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.16977_none_01ab47d21332f233] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.21179_none_0236bd532c4ef7ed\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.21179_none_0236bd532c4ef7ed] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.18381_none_0380b4d01067070b\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.18381_none_0380b4d01067070b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22581_none_040a53812984a3fc\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22581_none_040a53812984a3fc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.18164_none_057fc9540d7a6d79\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.18164_none_057fc9540d7a6d79] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.22286_none_05f5c6db26a677d3\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6002.22286_none_05f5c6db26a677d3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16977_none_d7cc82f8f97f7351\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16977_none_d7cc82f8f97f7351] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.21179_none_d857f87a129b790b\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.21179_none_d857f87a129b790b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18381_none_d9a1eff6f6b38829\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.18381_none_d9a1eff6f6b38829] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22581_none_da2b8ea80fd1251a\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6001.22581_none_da2b8ea80fd1251a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.18164_none_dba1047af3c6ee97\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.18164_none_dba1047af3c6ee97] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1dc2d41245f49047c99f8babfdb535d0\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.22286_none_dc1702020cf2f8f1\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6002.22286_none_dc1702020cf2f8f1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21175_none_cb80fde046b653e3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22577_none_cd6966de43dae167] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\1df7d45bfe4092a6feec08ab0388603c\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17002_none_f0a3b9e66e521f9b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17002_none_f0a3b9e66e521f9b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21203_none_f12e58e1876ed5e3\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21203_none_f12e58e1876ed5e3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18404_none_f28c22e46b76ad1f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18404_none_f28c22e46b76ad1f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22605_none_f316c1df84936367\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22605_none_f316c1df84936367] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18184_none_f41c156c68dde1cb\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18184_none_f41c156c68dde1cb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\314d1960fdc02e1aa92ca6823a499413\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22311_none_f4ee62b381c56f20\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22311_none_f4ee62b381c56f20] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16913_none_22dff16cc5023274] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.21113_none_23696659de200580\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.21113_none_23696659de200580] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18315_none_24c830a6c226f613\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18315_none_24c830a6c226f613] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22504_none_255b9ef9db3d5dbc\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22504_none_255b9ef9db3d5dbc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.18096_none_26592378bf8d4416\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.18096_none_26592378bf8d4416] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\37967479ddfb920bfbc3ce0ecc48ed41\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.22208_none_27461209d860183c\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6002.22208_none_27461209d860183c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6000.16919_none_d9bb3268d1c1d4a1\msil_ehepg_31bf3856ad364e35_6.0.6000.16919_none_d9bb3268d1c1d4a1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6000.21119_none_da44a755eadfa7ad\msil_ehepg_31bf3856ad364e35_6.0.6000.21119_none_da44a755eadfa7ad] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6001.18322_none_db8f9f1ccef6d022\msil_ehepg_31bf3856ad364e35_6.0.6001.18322_none_db8f9f1ccef6d022] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6001.22511_none_dc230d6fe80d37cb\msil_ehepg_31bf3856ad364e35_6.0.6001.22511_none_dc230d6fe80d37cb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6002.18103_none_dd8cb30ccc0c03e2\msil_ehepg_31bf3856ad364e35_6.0.6002.18103_none_dd8cb30ccc0c03e2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehepg_31bf3856ad364e35_6.0.6002.22215_none_de0d807fe52ff24b\msil_ehepg_31bf3856ad364e35_6.0.6002.22215_none_de0d807fe52ff24b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehexthost_31bf3856ad364e35_6.0.6000.16919_none_bd00af1ec1b137ec\msil_ehexthost_31bf3856ad364e35_6.0.6000.16919_none_bd00af1ec1b137ec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehexthost_31bf3856ad364e35_6.0.6000.21119_none_bd8a240bdacf0af8\msil_ehexthost_31bf3856ad364e35_6.0.6000.21119_none_bd8a240bdacf0af8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehiextens_31bf3856ad364e35_6.0.6000.16919_none_fbe3b60309b695e1\msil_ehiextens_31bf3856ad364e35_6.0.6000.16919_none_fbe3b60309b695e1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehiextens_31bf3856ad364e35_6.0.6000.21119_none_fc6d2af022d468ed\msil_ehiextens_31bf3856ad364e35_6.0.6000.21119_none_fc6d2af022d468ed] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6000.16919_none_88f94fd24b0cabe6\msil_ehrecobj_31bf3856ad364e35_6.0.6000.16919_none_88f94fd24b0cabe6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6000.21119_none_8982c4bf642a7ef2\msil_ehrecobj_31bf3856ad364e35_6.0.6000.21119_none_8982c4bf642a7ef2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6001.18322_none_8acdbc864841a767\msil_ehrecobj_31bf3856ad364e35_6.0.6001.18322_none_8acdbc864841a767] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6001.22511_none_8b612ad961580f10\msil_ehrecobj_31bf3856ad364e35_6.0.6001.22511_none_8b612ad961580f10] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6002.18103_none_8ccad0764556db27\msil_ehrecobj_31bf3856ad364e35_6.0.6002.18103_none_8ccad0764556db27] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehrecobj_31bf3856ad364e35_6.0.6002.22215_none_8d4b9de95e7ac990\msil_ehrecobj_31bf3856ad364e35_6.0.6002.22215_none_8d4b9de95e7ac990] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6000.16919_none_89ae4da9447562f3\msil_ehshell_31bf3856ad364e35_6.0.6000.16919_none_89ae4da9447562f3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6000.21119_none_8a37c2965d9335ff\msil_ehshell_31bf3856ad364e35_6.0.6000.21119_none_8a37c2965d9335ff] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6001.18322_none_8b82ba5d41aa5e74\msil_ehshell_31bf3856ad364e35_6.0.6001.18322_none_8b82ba5d41aa5e74] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6001.22511_none_8c1628b05ac0c61d\msil_ehshell_31bf3856ad364e35_6.0.6001.22511_none_8c1628b05ac0c61d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6002.18103_none_8d7fce4d3ebf9234\msil_ehshell_31bf3856ad364e35_6.0.6002.18103_none_8d7fce4d3ebf9234] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_ehshell_31bf3856ad364e35_6.0.6002.22215_none_8e009bc057e3809d\msil_ehshell_31bf3856ad364e35_6.0.6002.22215_none_8e009bc057e3809d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6000.16919_none_c3b09a0a40ad4247\msil_mcstore_31bf3856ad364e35_6.0.6000.16919_none_c3b09a0a40ad4247] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6000.21119_none_c43a0ef759cb1553\msil_mcstore_31bf3856ad364e35_6.0.6000.21119_none_c43a0ef759cb1553] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6001.18322_none_c58506be3de23dc8\msil_mcstore_31bf3856ad364e35_6.0.6001.18322_none_c58506be3de23dc8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6001.22511_none_c618751156f8a571\msil_mcstore_31bf3856ad364e35_6.0.6001.22511_none_c618751156f8a571] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6002.18103_none_c7821aae3af77188\msil_mcstore_31bf3856ad364e35_6.0.6002.18103_none_c7821aae3af77188] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_mcstore_31bf3856ad364e35_6.0.6002.22215_none_c802e821541b5ff1\msil_mcstore_31bf3856ad364e35_6.0.6002.22215_none_c802e821541b5ff1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16919_none_4eabf16098b9d989\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16919_none_4eabf16098b9d989] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.21119_none_4f35664db1d7ac95\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.21119_none_4f35664db1d7ac95] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.18322_none_50805e1495eed50a\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.18322_none_50805e1495eed50a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.22511_none_5113cc67af053cb3\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6001.22511_none_5113cc67af053cb3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.18103_none_527d7204930408ca\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.18103_none_527d7204930408ca] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.22215_none_52fe3f77ac27f733\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6002.22215_none_52fe3f77ac27f733] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16919_none_313a40105a0dd6a3\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16919_none_313a40105a0dd6a3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.21119_none_31c3b4fd732ba9af\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.21119_none_31c3b4fd732ba9af] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18322_none_330eacc45742d224\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18322_none_330eacc45742d224] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22511_none_33a21b17705939cd\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22511_none_33a21b17705939cd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.18103_none_350bc0b4545805e4\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.18103_none_350bc0b4545805e4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.22215_none_358c8e276d7bf44d\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6002.22215_none_358c8e276d7bf44d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16919_none_23959903cf2642b9\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16919_none_23959903cf2642b9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.21119_none_241f0df0e84415c5\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.21119_none_241f0df0e84415c5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.18322_none_256a05b7cc5b3e3a\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.18322_none_256a05b7cc5b3e3a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.22511_none_25fd740ae571a5e3\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6001.22511_none_25fd740ae571a5e3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.18103_none_276719a7c97071fa\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.18103_none_276719a7c97071fa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.22215_none_27e7e71ae2946063\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6002.22215_none_27e7e71ae2946063] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6000.16919_none_b4272457a51e9088\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6000.16919_none_b4272457a51e9088] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6000.21119_none_b4b09944be3c6394\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6000.21119_none_b4b09944be3c6394] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6001.18322_none_b5fb910ba2538c09\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6001.18322_none_b5fb910ba2538c09] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6001.22511_none_b68eff5ebb69f3b2\x86_microsoft-windows-directshow-mpeg2_31bf3856ad364e35_6.0.6001.22511_none_b68eff5ebb69f3b2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16919_none_cc3b9dbbcca0c455\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.16919_none_cc3b9dbbcca0c455] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.21119_none_ccc512a8e5be9761\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6000.21119_none_ccc512a8e5be9761] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18322_none_ce100a6fc9d5bfd6\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.18322_none_ce100a6fc9d5bfd6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22511_none_cea378c2e2ec277f\x86_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.0.6001.22511_none_cea378c2e2ec277f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16919_none_2df5b0db851b701f\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16919_none_2df5b0db851b701f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.21119_none_2e7f25c89e39432b\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.21119_none_2e7f25c89e39432b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16919_none_2d53d4336cfb74fa\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16919_none_2d53d4336cfb74fa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.21119_none_2ddd492086194806\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.21119_none_2ddd492086194806] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18322_none_2f2840e76a30707b\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18322_none_2f2840e76a30707b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22511_none_2fbbaf3a8346d824\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22511_none_2fbbaf3a8346d824] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.16919_none_2bd15bd5bbe22a69\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.16919_none_2bd15bd5bbe22a69] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.21119_none_2c5ad0c2d4fffd75\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6000.21119_none_2c5ad0c2d4fffd75] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.18322_none_2da5c889b91725ea\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.18322_none_2da5c889b91725ea] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.22511_none_2e3936dcd22d8d93\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6001.22511_none_2e3936dcd22d8d93] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.18103_none_2fa2dc79b62c59aa\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.18103_none_2fa2dc79b62c59aa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.22215_none_3023a9eccf504813\x86_microsoft-windows-ehome-ehplayer_31bf3856ad364e35_6.0.6002.22215_none_3023a9eccf504813] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16919_none_5023fdaf535192a0\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16919_none_5023fdaf535192a0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.21119_none_50ad729c6c6f65ac\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.21119_none_50ad729c6c6f65ac] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.18322_none_51f86a6350868e21\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.18322_none_51f86a6350868e21] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.22511_none_528bd8b6699cf5ca\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6001.22511_none_528bd8b6699cf5ca] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.18103_none_53f57e534d9bc1e1\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.18103_none_53f57e534d9bc1e1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.22215_none_54764bc666bfb04a\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6002.22215_none_54764bc666bfb04a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16919_none_36d4c2db16b955b5\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16919_none_36d4c2db16b955b5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.21119_none_375e37c82fd728c1\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.21119_none_375e37c82fd728c1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16919_none_ccdc1605cc4128ba\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16919_none_ccdc1605cc4128ba] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.21119_none_cd658af2e55efbc6\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.21119_none_cd658af2e55efbc6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18322_none_ceb082b9c976243b\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18322_none_ceb082b9c976243b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22511_none_cf43f10ce28c8be4\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22511_none_cf43f10ce28c8be4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16919_none_3a23083c2e16dd5c\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16919_none_3a23083c2e16dd5c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.21119_none_3aac7d294734b068\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.21119_none_3aac7d294734b068] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16919_none_4980b80557951a97\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.16919_none_4980b80557951a97] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.21119_none_4a0a2cf270b2eda3\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6000.21119_none_4a0a2cf270b2eda3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.18322_none_4b5524b954ca1618\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.18322_none_4b5524b954ca1618] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22511_none_4be8930c6de07dc1\x86_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.0.6001.22511_none_4be8930c6de07dc1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16919_none_de90102a91400756\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.16919_none_de90102a91400756] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.21119_none_df198517aa5dda62\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6000.21119_none_df198517aa5dda62] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18322_none_e0647cde8e7502d7\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.18322_none_e0647cde8e7502d7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\471f83cd4b9c2294c1f02fbc9be65d35\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22511_none_e0f7eb31a78b6a80\x86_microsoft-windows-tvencdec_31bf3856ad364e35_6.0.6001.22511_none_e0f7eb31a78b6a80] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.20966_none_87d10496e317a014\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.20966_none_87d10496e317a014] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22319_none_87a7ba94e36d7a9b\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.22319_none_87a7ba94e36d7a9b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.16782_none_8df276136273e58e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.20966_none_7722737b7c1d79bb\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6000.20966_none_7722737b7c1d79bb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.18175_none_8dcd2d3962c62571\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.18175_none_8dcd2d3962c62571] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\5f98c3af36be372ab214b9f263efe97a\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.22319_none_76f929797c735442\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6001.22319_none_76f929797c735442] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.16932_none_10ba5ae17a3c63eb\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.16932_none_10ba5ae17a3c63eb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.21134_none_1145d062935869a5\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.21134_none_1145d062935869a5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18336_none_12a49aaf775f5a38\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.18336_none_12a49aaf775f5a38] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.22536_none_132e3960907cf729\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6001.22536_none_132e3960907cf729] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.16932_none_6a6083ca5313cd52\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.16932_none_6a6083ca5313cd52] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.21134_none_6aebf94b6c2fd30c\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6000.21134_none_6aebf94b6c2fd30c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18336_none_6c4ac3985036c39f\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.18336_none_6c4ac3985036c39f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.22536_none_6cd4624969546090\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6001.22536_none_6cd4624969546090] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.18116_none_6e46d73e4d4cde08\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.18116_none_6e46d73e4d4cde08] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\72f350f63bdbd0c0e8d4ddab02a0321d\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.22240_none_6eaa02896688399b\x86_microsoft-windows-rastls_31bf3856ad364e35_6.0.6002.22240_none_6eaa02896688399b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16977_none_f05d33c26e862ea3\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16977_none_f05d33c26e862ea3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21179_none_f0e8a94387a2345d\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21179_none_f0e8a94387a2345d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18381_none_f232a0c06bba437b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18381_none_f232a0c06bba437b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22581_none_f2bc3f7184d7e06c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22581_none_f2bc3f7184d7e06c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18164_none_f431b54468cda9e9\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18164_none_f431b54468cda9e9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\7cca38c9b701be6c1367780ab4d569e0\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22286_none_f4a7b2cb81f9b443\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22286_none_f4a7b2cb81f9b443] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_6a017a16b7328888\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_6a017a16b7328888] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_6a8cef97d04e8e42\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_6a8cef97d04e8e42] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_6bebb9e4b4557ed5\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_6bebb9e4b4557ed5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_6c755895cd731bc6\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_6c755895cd731bc6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_6dd5fb98b17a03ce\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_6dd5fb98b17a03ce] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\836334a92fd3736aa3e03cdeacc745a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_6e4cf969caa5277f\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_6e4cf969caa5277f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16945_none_a9beee47f5c5e2eb\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16945_none_a9beee47f5c5e2eb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21148_none_aa4b64130ee101fc\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21148_none_aa4b64130ee101fc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16945_none_29e95462681e73c6\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16945_none_29e95462681e73c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21148_none_2a75ca2d813992d7\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21148_none_2a75ca2d813992d7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16945_none_6295f56db1145e44] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21148_none_63226b38ca2f7d55] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18349_none_6480353bae375491] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22550_none_64f60166c7652964] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18130_none_6668765bab5da6dc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22252_none_66de73e2c489b136] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.16945_none_690c38b28a505b1b\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.16945_none_690c38b28a505b1b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.21148_none_6998ae7da36b7a2c\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.21148_none_6998ae7da36b7a2c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.18349_none_6af6788087735168\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.18349_none_6af6788087735168] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.22550_none_6b6c44aba0a1263b\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.22550_none_6b6c44aba0a1263b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16945_none_461c7235465a19ef\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16945_none_461c7235465a19ef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21148_none_46a8e8005f753900\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21148_none_46a8e8005f753900] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16945_none_11369b6a251ed017\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16945_none_11369b6a251ed017] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21148_none_11c311353e39ef28\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21148_none_11c311353e39ef28] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18349_none_1320db382241c664\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18349_none_1320db382241c664] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22550_none_1396a7633b6f9b37\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22550_none_1396a7633b6f9b37] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18130_none_15091c581f6818af\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18130_none_15091c581f6818af] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22252_none_157f19df38942309\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22252_none_157f19df38942309] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16945_none_588f083467335c20\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16945_none_588f083467335c20] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21148_none_591b7dff804e7b31\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21148_none_591b7dff804e7b31] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16945_none_e68f61ec9497b27c\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16945_none_e68f61ec9497b27c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21148_none_e71bd7b7adb2d18d\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21148_none_e71bd7b7adb2d18d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16945_none_c3c43df2616e9e69] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21148_none_c450b3bd7a89bd7a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16945_none_0b379708d712722e\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16945_none_0b379708d712722e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\85dc77698f1ff67433d88b59e5524424\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21148_none_0bc40cd3f02d913f\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21148_none_0bc40cd3f02d913f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16926_none_f09243146e5e8997\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16926_none_f09243146e5e8997] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21126_none_f11bb801877c5ca3\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21126_none_f11bb801877c5ca3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18330_none_f267b0126b929e6f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18330_none_f267b0126b929e6f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22521_none_f2fd1ef984a738c6\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22521_none_f2fd1ef984a738c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18111_none_f464c40268a7d22f\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18111_none_f464c40268a7d22f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\91a9b8f920315471a87cc9055727dc6b\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22224_none_f4e691bf81cad9ef\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22224_none_f4e691bf81cad9ef] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16939_none_11456c7e25131982\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16939_none_11456c7e25131982] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21142_none_11bd0f793e3f571e\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21142_none_11bd0f793e3f571e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18344_none_131bd9c6224647b1\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18344_none_131bd9c6224647b1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22544_none_13a578773b63e4a2\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22544_none_13a578773b63e4a2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18124_none_1517ed6c1f5c621a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18124_none_1517ed6c1f5c621a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\a99eb937227b1356499ce4c07f79734a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22247_none_158eeb3d388785cb\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22247_none_158eeb3d388785cb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21125_none_395fe8aa98b803ee\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21125_none_395fe8aa98b803ee] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22518_none_3b5421de95d38ed8\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22518_none_3b5421de95d38ed8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22223_none_3d2ac2689306813a\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22223_none_3d2ac2689306813a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16926_none_7abd15c3656ef988\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16926_none_7abd15c3656ef988] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21125_none_7b458a667e8db33d\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21125_none_7b458a667e8db33d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18330_none_7c9282c162a30e60\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18330_none_7c9282c162a30e60] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22518_none_7d39c39a7ba93e27\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22518_none_7d39c39a7ba93e27] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18111_none_7e8f96b15fb84220\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18111_none_7e8f96b15fb84220] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22223_none_7f10642478dc3089\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22223_none_7f10642478dc3089] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6000.16942_none_8d9cb465c6c1faf5\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6000.16942_none_8d9cb465c6c1faf5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6000.21145_none_8e292a30dfdd1a06\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6000.21145_none_8e292a30dfdd1a06] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6001.18347_none_8f87f47dc3e40a99\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6001.18347_none_8f87f47dc3e40a99] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6001.22547_none_9011932edd01a78a\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6001.22547_none_9011932edd01a78a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6002.18127_none_91840823c0fa2502\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6002.18127_none_91840823c0fa2502] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\cbd5036f9b9ae5acef10d317a308b436\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6002.22250_none_91e63324da36673e\x86_microsoft-windows-timedate_31bf3856ad364e35_6.0.6002.22250_none_91e63324da36673e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16916_none_a9e05e55f5aca86f\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16916_none_a9e05e55f5aca86f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21116_none_aa69d3430eca7b7b\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21116_none_aa69d3430eca7b7b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16916_none_2a0ac4706805394a\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16916_none_2a0ac4706805394a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21116_none_2a94395d81230c56\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21116_none_2a94395d81230c56] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16916_none_62b7657bb0fb23c8\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16916_none_62b7657bb0fb23c8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21116_none_6340da68ca18f6d4\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21116_none_6340da68ca18f6d4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18319_none_64a0a4ffae1f00be\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18319_none_64a0a4ffae1f00be] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22508_none_65341352c7356867\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22508_none_65341352c7356867] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18100_none_6688e61fab455309\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.18100_none_6688e61fab455309] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22212_none_6709b392c4694172\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6002.22212_none_6709b392c4694172] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.16916_none_692da8c08a37209f\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.16916_none_692da8c08a37209f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.21116_none_69b71dada354f3ab\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6000.21116_none_69b71dada354f3ab] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.18319_none_6b16e844875afd95\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.18319_none_6b16e844875afd95] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.22508_none_6baa5697a071653e\x86_microsoft-windows-ie-htmlconverter_31bf3856ad364e35_6.0.6001.22508_none_6baa5697a071653e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16916_none_463de2434640df73\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16916_none_463de2434640df73] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21116_none_46c757305f5eb27f\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21116_none_46c757305f5eb27f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16916_none_11580b782505959b\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16916_none_11580b782505959b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21116_none_11e180653e2368a7\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21116_none_11e180653e2368a7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18319_none_13414afc22297291\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18319_none_13414afc22297291] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22508_none_13d4b94f3b3fda3a\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22508_none_13d4b94f3b3fda3a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18100_none_15298c1c1f4fc4dc\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18100_none_15298c1c1f4fc4dc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22212_none_15aa598f3873b345\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22212_none_15aa598f3873b345] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16916_none_58b07842671a21a4\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16916_none_58b07842671a21a4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21116_none_5939ed2f8037f4b0\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21116_none_5939ed2f8037f4b0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16916_none_e6b0d1fa947e7800\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16916_none_e6b0d1fa947e7800] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21116_none_e73a46e7ad9c4b0c\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21116_none_e73a46e7ad9c4b0c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16916_none_c3e5ae00615563ed\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16916_none_c3e5ae00615563ed] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21116_none_c46f22ed7a7336f9\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21116_none_c46f22ed7a7336f9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16916_none_0b590716d6f937b2\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16916_none_0b590716d6f937b2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d465720e0e6d39d4c8c1f6d80acfbc81\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21116_none_0be27c03f0170abe\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21116_none_0be27c03f0170abe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16986_none_a4398148f0fb09a2\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.16986_none_a4398148f0fb09a2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.21188_none_a4c4f6ca0a170f5c\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6000.21188_none_a4c4f6ca0a170f5c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18389_none_a622c0ccee1ee698\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.18389_none_a622c0ccee1ee698] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22590_none_a6988cf8074cbb6b\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6001.22590_none_a6988cf8074cbb6b] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6002.18158_none_a828a414eb2dcbb9\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6002.18158_none_a828a414eb2dcbb9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\d8177af1b817fbf8d2321e7fde7213bc\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6002.22295_none_a8840052046e8f42\x86_microsoft-windows-directshow-core_31bf3856ad364e35_6.0.6002.22295_none_a8840052046e8f42] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17020_none_f08c197a6e6424cf\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17020_none_f08c197a6e6424cf] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21225_none_f11ab99d877d4073\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21225_none_f11ab99d877d4073] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18426_none_f27883a06b8517af\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18426_none_f27883a06b8517af] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22635_none_f2f6521b84abb73a\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22635_none_f2f6521b84abb73a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18208_none_f47697da689964c6\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18208_none_f47697da689964c6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\dbf6dd457152dd2efc92c21feb9a4687\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22340_none_f4ccf2a581dea99c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22340_none_f4ccf2a581dea99c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22522_none_044c3353295315ad\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6001.22522_none_044c3353295315ad] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.16927_none_d7f7c2a8f95f038d\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.16927_none_d7f7c2a8f95f038d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.21127_none_d8813796127cd699\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.21127_none_d8813796127cd699] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.18331_none_d9cd2fa6f6931865\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.18331_none_d9cd2fa6f6931865] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.22522_none_da629e8e0fa7b2bc\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6001.22522_none_da629e8e0fa7b2bc] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.18112_none_dbca4396f3a84c25\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.18112_none_dbca4396f3a84c25] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e299352e102f0c24faf167d1ff954d68\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.22225_none_dc4c11540ccb53e5\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6002.22225_none_dc4c11540ccb53e5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.21103_none_87147d71b2caa7d1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22492_none_8898945fb03ae7a2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18087_none_8a053ada9436ffbe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.22196_none_8a83076fad5da222] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16903_none_868ac42c99ad21a8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.21103_none_87143919b2caf4b4] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22492_none_88985007b03b3485] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.18087_none_8a04f68294374ca1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e46c934496bf8631cc4eed6952b15a78\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6002.22196_none_8a82c317ad5def05] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e545866d232596fd32cfa6a95e64756b\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6000.16951_en-us_10da107fd946a243\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6000.16951_en-us_10da107fd946a243] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6000.21154_en-us_1166864af261c154\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6000.21154_en-us_1166864af261c154] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6001.18356_en-us_12c55097d668b1e7\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6001.18356_en-us_12c55097d668b1e7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6001.22556_en-us_134eef48ef864ed8\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6001.22556_en-us_134eef48ef864ed8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6002.18136_en-us_14c1643dd37ecc50\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6002.18136_en-us_14c1643dd37ecc50] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6002.22258_en-us_153761c4ecaad6aa\x86_microsoft-windows-http.resources_31bf3856ad364e35_6.0.6002.22258_en-us_153761c4ecaad6aa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16951_none_aaa5b4031bdbf8a8\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.16951_none_aaa5b4031bdbf8a8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21154_none_ab3229ce34f717b9\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21154_none_ab3229ce34f717b9] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18356_none_ac90f41b18fe084c\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18356_none_ac90f41b18fe084c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22556_none_ad1a92cc321ba53d\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22556_none_ad1a92cc321ba53d] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18136_none_ae8d07c1161422b5\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18136_none_ae8d07c1161422b5] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22258_none_af0305482f402d0f\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22258_none_af0305482f402d0f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16951_none_f390f4b9a04ce563\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.16951_none_f390f4b9a04ce563] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21154_none_f41d6a84b9680474\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21154_none_f41d6a84b9680474] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22556_none_f605d382b68c91f8\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22556_none_f605d382b68c91f8] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18136_none_f77848779a850f70\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18136_none_f77848779a850f70] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22258_none_f7ee45feb3b119ca\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22258_none_f7ee45feb3b119ca] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16951_none_7191de9e777b7949\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.16951_none_7191de9e777b7949] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21154_none_721e54699096985a\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21154_none_721e54699096985a] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18356_none_737d1eb6749d88ed\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18356_none_737d1eb6749d88ed] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22556_none_7406bd678dbb25de\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22556_none_7406bd678dbb25de] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18136_none_7579325c71b3a356\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18136_none_7579325c71b3a356] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\e5714d593b88012159cc710921e85968\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22258_none_75ef2fe38adfadb0\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22258_none_75ef2fe38adfadb0] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16971_none_8673a36b4e7ff0f7\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16971_none_8673a36b4e7ff0f7] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21173_none_86ff18ec679bf6b1\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21173_none_86ff18ec679bf6b1] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18375_none_885de3394ba2e744\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18375_none_885de3394ba2e744] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22575_none_88e781ea64c08435\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22575_none_88e781ea64c08435] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18158_none_8a5cf7bd48b64db2\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18158_none_8a5cf7bd48b64db2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22281_none_8abf22be61f28fee\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22281_none_8abf22be61f28fee] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21173_none_893582fea5f32a22\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21173_none_893582fea5f32a22] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16971_none_7d608517542eb295\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16971_none_7d608517542eb295] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21173_none_7debfa986d4ab84f\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21173_none_7debfa986d4ab84f] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18375_none_7f4ac4e55151a8e2\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18375_none_7f4ac4e55151a8e2] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22575_none_7fd463966a6f45d3\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22575_none_7fd463966a6f45d3] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18158_none_8149d9694e650f50\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18158_none_8149d9694e650f50] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\eb8aa708912af7fb366a6ae57d0ac4f0\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22281_none_81ac046a67a1518c\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22281_none_81ac046a67a1518c] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6000.16838_none_f831274072c7bd51\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6000.16838_none_f831274072c7bd51] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6000.21033_none_f8b59abb8bea11aa\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6000.21033_none_f8b59abb8bea11aa] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6001.18234_none_fa1364be6ff1e8e6\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6001.18234_none_fa1364be6ff1e8e6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6001.22403_none_fabc72e988f818ad\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6001.22403_none_fabc72e988f818ad] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6002.18034_none_fbf9d88c6d183b31\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6002.18034_none_fbf9d88c6d183b31] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\Download\f01c4bbfa608298ce96317823815654c\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6002.22131_none_fc80747986388ef6\x86_microsoft-windows-wmspdmod_31bf3856ad364e35_6.0.6002.22131_none_fc80747986388ef6] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\ScanFile\ScanFile] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\History\Results\Results] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\RtSigs\Data\Data] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\SxsTemp\SxsTemp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\twain_32\snpstd\snpstd] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\winsxs\Temp\PendingRenames\PendingRenames] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E91ADC66
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB182372
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:072F1F69
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F3239111
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:AAA4166E
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:387B402D
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:16695B12
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:15A63ACD
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:4FE42FFC
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:28CDD861
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:182786D9
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E86244EA
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:404390E0
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:1A4138A0
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:09A43199
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:E0F561FE
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:42CCBD47
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:02A77963
@Alternate Data Stream - 326 bytes -> C:\ProgramData\TEMP:B9502C3B
@Alternate Data Stream - 299 bytes -> C:\ProgramData\TEMP:B59658A8
@Alternate Data Stream - 298 bytes -> C:\ProgramData\TEMP:54ECDCF4
@Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:EE1F3AC9
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:641C3888
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:CAFA2B66
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:B3A1E064
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:5F91AB27
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:9FC5F43A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:F69BB936
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CA4300C6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:DD2A808F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6B46EF3B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE4B5886
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4C4BD503
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ABDDBC11
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0E11E400
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FD5FB170
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:37C8DB03
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EB42AC3C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:9AF9C79E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:38D53DB8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1C4D3509
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:13ABD3EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FF3DA68B
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F6E0ED6E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C8A0BC27
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4025876E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D88F83CD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8A8B2585
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:71B00D9A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:89117BDE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3DAC3B29
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F9D83120
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:851F7DE0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:79AC0D92
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2320420B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F6424B89
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B31F805F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:6425A235
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:60B211FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:417B6FAC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:3DD2AE2E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0A79F77B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:047BC9DD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EBD8123D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9EB7AC80
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F321F01E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E07EA07E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6CC3E51
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8401B6D5
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3539CD43
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:256D39D9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C6D0EC31
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:BBA245E5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:71BCDC6D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D7D575C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A688EF17
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8FC4D5E3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7BB82651
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:638DF261
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:63596073
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3BE7E50E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2881AFC0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E8B5993B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B8F55F6A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A3251D01
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9371B810
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8C065E0D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:59FC1BE7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2F6462DF
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E39052E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7AF9CAEB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:60B38AF3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:EA28756E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E6F859C9
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D3EFD0C3
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A51C9924
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:78CC8F21
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BADEA6EA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8CCA8DB4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:51F17BB8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:178D4338
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9A00FBCA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:517B507A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:14859C24
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:07258B96
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8BB2EC84
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7D9D2CAF
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:7C7AA745
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:72ABE5B6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:BDE8ABEA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:435657D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:E717F65C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DF0BC727
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D936299C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CC5913E6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7C477099
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5E7801FF
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2550BC9D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:13FB6DB8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB9AF090
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:B85E5267
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:A234C49E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:55EFEB27
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A09C2EEE
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:C6798065
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:90A19D42
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:8DC48A72
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:6CA8BD9A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:52747E44
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:313C5814
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25EFDD27
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:69C58877
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F4F4A435
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:AFE4982F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9D59097E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:876B6C70
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8511DA13
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7E6454EB
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7A0F364C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:75A098F6
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:38CEAA1E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:E3F37A7D
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C6FB18EA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:40D8F125
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:9DF07E8F
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF76F21
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2032CC2B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:09064307
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:EEB25EAE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BAEDC81B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:52641FBE
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:09CEBED1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:D650D56C
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:7D9568BA
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4AC9B4B7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E5C6753
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:11DA80B5
< End of report >

Here is the Extra.txt. (It wouldn't let me post both in one reply, it said it was too long).


Extras.txt:
OTL Extras logfile created on: 3/20/2010 4:51:43 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\RAC\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 553.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 11.95 Gb Free Space | 8.60% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.09 Gb Free Space | 60.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMS
Current User Name: RAC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2138957976-3906981958-2417775570-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B2B5335-87D2-4384-835A-62DCAE1AD035}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{20697330-2200-4683-8BBC-816204156139}" = lport=6881 | protocol=6 | dir=in | name=wow3 |
"{2AF87823-365D-459E-A60F-CB52384E83D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B644738-046E-46DC-8B95-F70A4F6A115E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3054570A-ACFD-4247-B045-4D7D9A4193C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{346519C6-9248-4DF9-935A-F0545D01BA5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3483212B-89F2-487E-AC48-40AA615CCC7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{432B009F-3824-472F-B2F6-C6E10779F4EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4867127A-DD27-4155-8785-50983A3654E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D8500B7-E6B4-4E02-ABC0-7FAF9E29635F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E8F7617-5925-4853-85F5-EA8561B7AEB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{532EBE6A-D3D5-4E0D-8C7E-4891E37207EC}" = lport=6112 | protocol=6 | dir=in | name=world of warcraft |
"{640A1CF6-5AB5-42EC-8AB4-E351FD9FE38C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6497E7EC-0B3E-4504-AE76-E98511898AD8}" = lport=10244 | protocol=6 | dir=in | app=system |
"{6609709A-E20E-4448-8445-8B29F0A6E39C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67E6F28C-0994-42AA-AE7D-DC9D2386227E}" = lport=3724 | protocol=6 | dir=in | name=wow1 |
"{6992AA87-DCDE-418D-8FD2-CD456510722C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70438F3D-DDC9-4D93-98AC-2DFB9EF5FE8F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74B15EBA-086A-447C-B92B-9CDB916364FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78D83797-DF81-4B51-8EE5-52187FF56A72}" = lport=3724 | protocol=17 | dir=in | name=world of warcraft |
"{8129D773-F144-47CC-813A-70345C702BEF}" = lport=6112 | protocol=6 | dir=in | name=wow2 |
"{83A27319-3AAF-4058-ACA8-D93AEDF09F87}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{95C7ADE7-37EC-455D-A97D-69DD54AA7DA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A99DDF0-6908-483F-B6FD-0DF95CF4E642}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9C4580CC-6898-4819-B42D-372BABDA53E2}" = lport=1119 | protocol=6 | dir=in | name=world of warcraft |
"{9CB59183-7AFE-448E-BD7A-E6DD930F3503}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FDA96A9-95CC-430F-A967-3E7CDFDE43EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A533BCCA-B121-4C89-9404-00E72DF31230}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9D6D25E-D68B-433D-9103-F2FB408FB386}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFEC4870-29BB-40C5-B6CA-9F2CC71D6562}" = lport=10244 | protocol=6 | dir=in | app=system |
"{B941C3E6-A593-4F31-9490-2EA481CB87D8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B95ADF41-F0E4-47C2-948E-C964A2F19206}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{C0489D63-7C5D-48A0-B1F7-5B57EF42C9AA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C28B1CBF-4C13-4F61-86A5-CA1CA6299CCA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C6D3FADE-5F11-4CBC-BB32-915AE2C2A0EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4577B8E-1F03-4DEF-BEE3-29D0E67208FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D504216E-3A1E-4E4C-A14B-338C1E1742B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9B4A5A5-D4F5-41C4-AD62-75FA7E73E86A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E55555E8-9156-47A4-82C0-6F44FF828ADC}" = rport=10244 | protocol=6 | dir=out | app=system |
"{E5DF3B9C-A02C-496A-BA19-8B750B473DC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008B535C-897F-4CF1-BE66-286A4F5E7C16}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{01A8FED0-79AF-4515-9F94-94D5919DE831}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{06421388-3CF5-436F-AF98-CEA66B8B7E22}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{066F660E-D75A-4D50-B7A7-7EA3F043CBC0}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{0CC83224-059A-471B-B744-5C465DFB2AD2}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1352215D-FA39-4A76-9C2C-C308BCC4D912}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{19E55DD7-F92E-4E25-A895-9808744EC06D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{1C2DBE88-46E3-44D1-9307-0E127BC2AAD3}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{1D0280C5-2D5E-478C-B196-D52DF241AEB6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{1E80753C-B466-4024-B191-4843F8BDC424}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2EF08575-86C0-4C53-A8DF-06A8AC60396A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{32CA2BFF-7872-4083-B3FC-D23FFE286A7C}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{36F7832E-05C0-4D04-BB01-C847FF750788}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{399C2CB6-DF6A-42C0-A19A-5B650CC0C621}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{39DA8459-2AB6-4563-B423-27AD16EEACCC}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{39F40CC8-875E-447E-8290-6E1AC31E0D4A}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{43525B14-AF30-4800-8FC3-F669CA1CB424}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{45025EA8-B32E-417F-ABAC-C379D48ACF08}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{496A7D57-16B8-429D-B8BE-0D1612DC3A64}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5021C4EA-66CA-4220-8956-0C0026D35926}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{57D480AE-5E3C-405A-BD95-ECB2F1A30584}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{5BABC42F-A48A-44A7-AC59-AE578DFE854B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D0F24F8-FEE5-4092-B784-297CF8139F4B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{621B6C9A-B73C-4C6D-8792-87C5540DF625}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{62DD709E-B006-4C71-A88F-B773D9A4B158}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{6424A462-6A15-4F26-8533-23F91C06F11B}" = protocol=6 | dir=out | app=system |
"{667B4D29-4BFC-4495-8887-B8FBC12E0127}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6CE03681-E228-4713-9B61-5480304DB47A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{703D66C6-1A6D-4B0E-BAA2-EFBFABCF4257}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{743201F1-80A3-4E68-9997-9FC50F3CD0C8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{76FE2E5A-B71D-4710-ACCD-E910A91C58FC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7836BB91-653E-48A2-AE52-F23B858B85AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{7836C430-9EE7-4979-A2B2-AE30A59F4DBC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{79B9E6BD-FBD7-456A-A5B0-DF9E49E9CE29}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{8068B980-B4AD-4A67-AAAC-BB54C5DE8F11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{860D43ED-4018-4EEC-A37F-8255ED96FD8B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{89D2EB2B-CA61-4ECD-ACBC-8DC7F2F0109C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{8AD138CC-BF43-4D63-98CA-94BCEEF6BBC9}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{8EB84563-454C-4744-A394-ADCC361DC172}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F67FF09-9D88-45DE-8480-05995F1BC80E}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{927977CB-DE49-4517-878D-EEF5441C16DF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{927F9B9D-7137-475D-AC54-1213F327F009}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{92C170CC-7401-4583-AFCC-F964AD0DC8E8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{98130FB3-C37F-458F-BA66-E539013BC6DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9FEDB834-C77A-4D0C-9611-4773B9105295}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{A25DEC53-94CB-4C2B-9B77-86B9AA12A5A9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A641EC37-2600-4ADF-B55E-D2D9644E22DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A6D9D6BA-C6BF-4502-AED2-62EC155926CF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{ABC0A8C2-17FE-47EB-AB16-A817223F92EB}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{ACF28FFB-331F-43D6-9854-67C4FE461DA6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B33CE97B-130B-45BF-8590-45164D35D4B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B651CBE2-C936-4A6E-AA34-EE0F00BCFB1B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BDA480A7-7AC5-4ABF-A54C-127279C4F503}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{BDC46B0A-6289-4B24-8166-5749806E6D42}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{BE4FEB0D-03C0-4AFE-B1E4-1D704E28C41E}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{BE9820C0-30BC-4A65-ACCB-D9860C2BAE32}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{BEA028FD-0D6A-4811-AB79-461DFC57C5D9}" = protocol=17 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{C2A3F4AE-0BEF-429F-A7BA-8BEB0638BDB3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C2ED9A83-3EC5-4D17-81DE-76548009B4A4}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{C6108B7C-F308-45D1-8564-7DFF10CE7C4F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C6DA2F5B-BE52-436F-AE51-0BF9E896CADB}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{C86FF8A0-7BFC-45FC-8272-1483152326E7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D2C4C785-C311-4CB4-BFAD-DBEA2076D048}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D3B13AE6-7A81-4B2D-9424-385756CA5DBC}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{D72C76E1-41FE-4446-842F-09D9C14746F0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D77327DB-E4A2-48C8-ACDA-BF5E1BE818B8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{D7EEB24B-522D-4F5B-9F7A-A2ACB86D6BFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB625EE2-A942-4CF4-9D18-F68F11EB880B}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{DBDEEF9F-15CA-4BF8-B7EA-7F3A0FB56433}" = protocol=6 | dir=in | app=c:\program files\qwest\quickconnect\quickconnect.exe |
"{E065DD7E-B2C6-47AC-91EB-70AFDC716EFA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E2735F89-9B76-41B6-B275-C6CA7BC95E71}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{E3A35AC5-23E5-48BC-93E3-25370B4E094A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ED09D621-C5B6-4A38-B091-8BCCACC7E5A1}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{EF8B2165-09A9-494D-8AFF-7498324EA7FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F5809F0E-12C5-427A-9419-C5E2928260D9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F5C7919E-BBBF-41F2-AFED-4DEA01F667E6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F5E89C41-72BD-429E-A06A-9FC443E6FD80}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{F8ADFC2A-57C0-4AEC-B3B4-80CF0D46274A}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{FEC64184-7CE1-45A7-8C98-2EF5658B8BA6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{14E95701-0267-4580-A0BA-1956E925B51D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{159D74D3-67EB-4D6C-AB62-8459E6A37FC5}C:\program files\novalogic\delta force\df.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"TCP Query User{1C791AF6-86EC-4466-AB59-A8260468C807}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{1E8214AB-FCEB-493A-BA4E-05508F5BED59}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1FD81517-563B-476F-BC3B-0C745FBDB23D}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{339E01FC-4EC6-4BBF-A8FA-E3B5C3FE5547}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"TCP Query User{400219A0-3E8B-41E1-B32A-AFD5E67B6FA8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{50DC9865-1234-493F-AA70-CBC14CB98DB0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{553CDB27-170D-4414-B2EC-DE919BB75ED2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{705D65C5-DA29-4690-9345-E2C64D76047D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{829450FC-3616-4686-94B7-095285DCE135}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8CA62B43-67A6-4BEC-83F3-BEE34B873800}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{910F074C-7661-4222-B877-B93CB0A5D88F}C:\program files\ubi soft games\conquest frontier wars\conquest.exe" = protocol=6 | dir=in | app=c:\program files\ubi soft games\conquest frontier wars\conquest.exe |
"TCP Query User{A44602B0-5826-4CF6-BC5A-DEE93388BAD5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{AD1C8AE7-AD6E-4B2D-B8C9-807DB7F81423}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B6EA1988-AB62-467B-8D6E-ED62C226C604}C:\users\rac\appdata\local\temp\blizzard launcher temporary - 1e75eb40\launcher.exe" = protocol=6 | dir=in | app=c:\users\rac\appdata\local\temp\blizzard launcher temporary - 1e75eb40\launcher.exe |
"TCP Query User{B997B742-FD47-4BB9-A24E-EF4EDDE47B5A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D199B8B1-31A7-47CD-BB5E-267B13EE16DC}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{D46CDBAA-7730-4F16-AB2B-B81EE0B60741}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D80762CC-F884-4BBC-B3E2-B84436FF05D9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{FB41AEE9-64FB-4657-B65E-AE2B8EF39803}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{03C92C38-D7F8-41E6-8BE5-7F5257BCF812}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{08B009B6-B29C-4DA4-ADBA-E1E7B8B7A864}C:\program files\ubi soft games\conquest frontier wars\conquest.exe" = protocol=17 | dir=in | app=c:\program files\ubi soft games\conquest frontier wars\conquest.exe |
"UDP Query User{1D8B2EF3-5609-47FF-8140-5CE0918A6CC3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2C5F67F7-82BC-47B2-85D1-9502B73C64E3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{30A02BD9-EACA-440E-B9D7-CE29E576B293}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{32D7ACDA-F3D2-45CD-9A62-488CCF62DB70}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{36689882-0A00-45C3-AC35-84C7C52BE207}C:\users\rac\appdata\local\temp\blizzard launcher temporary - 1e75eb40\launcher.exe" = protocol=17 | dir=in | app=c:\users\rac\appdata\local\temp\blizzard launcher temporary - 1e75eb40\launcher.exe |
"UDP Query User{4137277A-F30E-4622-A1F7-A2A7D99DF60F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4715613C-E43C-4D7F-BAC0-18556A31A046}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{5540ECDB-50EF-43F3-B9F0-31B7C72CFD76}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{62734055-A802-4445-9FA0-BBE0DD3B6769}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6D8353BB-5D58-491B-954C-98112F07660B}C:\program files\v cast music with rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\v cast music with rhapsody\rhapsody.exe |
"UDP Query User{6EEDC09A-09EF-4C48-B63C-DA8602371171}C:\program files\novalogic\delta force\df.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"UDP Query User{85E7258E-0A8E-4AAE-8D89-89DA26267E82}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A69DF379-AFA4-4384-8202-A9AE37DC7D88}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{B4AA80A4-D7E6-4A37-909E-43165AF205FD}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{D9E74DDE-5129-4192-9CFA-6BA5AD06AA4B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E002A71C-DE62-4631-BEE6-0A7E8D21E130}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E0ED2051-753A-4419-8040-AA76D62D6CB3}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E64121C0-3E9B-48CF-A735-2A12E2A2F18A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{F2BB4580-9537-47C0-966F-0959934AB9E7}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1306C737-0AF4-46C7-B282-64E099304712}" = Smart Menus (Windows Live Toolbar)
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{377B2121-65F6-4C5F-998F-5284DEF41F3E}" = COMODO livePCsupport
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5FAFA143-AB41-4AAA-83FF-98232376C1B5}" = MHC Interactive: GED Integrated Online Solution
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{971B9FC4-84A4-4513-AAD0-E2898CBCD42E}" = QuickConnect
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = Game Service 4
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}" = ATI Catalyst Control Center Ex
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3D Halloween Holiday Screensaver_is1" = 3D Halloween Holiday Screensaver 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aleks 3.9" = Aleks 3.9
"am-kurostm" = Kuros™
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CreataCard Gold 3" = CreataCard Gold 3
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"FG_1.5" = JumpStart 1st Grade v1.5
"FL Studio 9" = FL Studio 9
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Frogger" = Frogger v3.0e
"GIMPshop" = GIMPshop 2.2.8
"Gmask 1.70 English" = Gmask 1.70 English
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"InstallShield_{5FAFA143-AB41-4AAA-83FF-98232376C1B5}" = MHC Interactive: GED Integrated Online Solution
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire 5.1.2
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PoiZone" = PoiZone
"PRC_1.0" = JumpStart Parent Resource Center v1.0
"PRSCHL99_2.0" = JumpStart Preschool v2.0
"QwestQuickCare_is1" = Qwest Quickcare 2.5
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Sawer" = Sawer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimCopterv1.0" = SimCopter
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"TomTom HOME" = TomTom HOME 2.7.2.1825
"Toxic Biohazard" = Toxic Biohazard
"TrojanHunter_is1" = TrojanHunter 5.3
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2138957976-3906981958-2417775570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"QUICKMEDIACONVERTER" = Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2010 5:54:30 PM | Computer Name = Toms | Source = Application Error | ID = 1000
Description = Faulting application CurseClient.exe, version 4.0.0.10, time stamp
0x4b7b180f, faulting module 28927sys.dll, version 1.0.0.1, time stamp 0x4b8cf1b4,
exception code 0xc0000005, fault offset 0x00005cf0, process id 0xϐ< ϐ< , application
start time 0xϐ< ϐ< .

Error - 3/18/2010 11:48:11 AM | Computer Name = Toms | Source = VSS | ID = 8194
Description =

Error - 3/18/2010 11:50:33 AM | Computer Name = Toms | Source = VSS | ID = 8194
Description =

Error - 3/18/2010 1:57:46 PM | Computer Name = Toms | Source = Application Error | ID = 1000
Description = Faulting application mobsync.exe, version 6.0.6000.16386, time stamp
0x4549b06a, faulting module 28927sys.dll, version 1.0.0.1, time stamp 0x4b8cf1b4,
exception code 0xc0000005, fault offset 0x00005cf0, process id 0x1254, application
start time 0x01cac6c481c59027.

Error - 3/19/2010 5:58:09 AM | Computer Name = Toms | Source = Application Hang | ID = 1002
Description = The program TrojanHunter.exe version 5.3.0.994 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1f2c Start Time: 01cac74a7088e318 Termination Time: 0

Error - 3/19/2010 5:58:42 AM | Computer Name = Toms | Source = Application Hang | ID = 1002
Description = The program TrojanHunter.exe version 5.3.0.994 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1370 Start Time: 01cac74ab513da88 Termination Time: 12

Error - 3/19/2010 6:22:38 AM | Computer Name = Toms | Source = Application Error | ID = 1000
Description = Faulting application Mystify.scr, version 6.0.6000.16386, time stamp
0x4549b0cf, faulting module 28927sys.dll, version 1.0.0.1, time stamp 0x4b8cf1b4,
exception code 0xc0000005, fault offset 0x00005cf0, process id 0x1bd4, application
start time 0x01cac74e177f55f0.

Error - 3/19/2010 4:03:06 PM | Computer Name = Toms | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module 28927sys.dll, version 1.0.0.1, time stamp 0x4b8cf1b4,
exception code 0xc0000005, fault offset 0x00005cf0, process id 0x19cc, application
start time 0x01cac79f2fc43620.

Error - 3/20/2010 1:24:38 PM | Computer Name = Toms | Source = Application Error | ID = 1000
Description = Faulting application Mystify.scr, version 6.0.6000.16386, time stamp
0x4549b0cf, faulting module 28927sys.dll, version 1.0.0.1, time stamp 0x4b8cf1b4,
exception code 0xc0000005, fault offset 0x00005cf0, process id 0x1e94, application
start time 0x01cac85236b0bbd0.

Error - 3/20/2010 4:30:54 PM | Computer Name = Toms | Source = Application Hang | ID = 1002
Description = The program TrojanHunter.exe version 5.3.0.994 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 19dc Start Time: 01cac86c284a3700 Termination Time: 6

[ Media Center Events ]
Error - 5/22/2008 10:52:05 AM | Computer Name = Toms | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/24/2008 5:31:59 PM | Computer Name = Toms | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 2/27/2009 10:17:50 PM | Computer Name = Toms | Source = Mcx2Dvcs | ID = 405
Description =

Error - 2/27/2009 10:22:02 PM | Computer Name = Toms | Source = Mcx2Dvcs | ID = 405
Description =

Error - 10/11/2009 11:40:26 PM | Computer Name = Toms | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/16/2010 4:13:43 PM | Computer Name = Toms | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 3/16/2010 4:13:43 PM | Computer Name = Toms | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 3/16/2010 4:15:47 PM | Computer Name = Toms | Source = Service Control Manager | ID = 7000
Description =

Error - 3/17/2010 5:14:18 PM | Computer Name = Toms | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:12:48 PM on 3/17/2010 was unexpected.

Error - 3/17/2010 5:15:17 PM | Computer Name = Toms | Source = Service Control Manager | ID = 7000
Description =

Error - 3/17/2010 5:19:33 PM | Computer Name = Toms | Source = Service Control Manager | ID = 7022
Description =

Error - 3/17/2010 5:29:03 PM | Computer Name = Toms | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:25:59 PM on 3/17/2010 was unexpected.

Error - 3/17/2010 5:30:28 PM | Computer Name = Toms | Source = Service Control Manager | ID = 7000
Description =

Error - 3/17/2010 5:52:21 PM | Computer Name = Toms | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:50:46 PM on 3/17/2010 was unexpected.

Error - 3/17/2010 5:53:52 PM | Computer Name = Toms | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 21 March 2010 - 02:54 PM

Hi,

you are obviously infected.
Please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Swayvo

Swayvo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 21 March 2010 - 08:59 PM

Ran ComboFix, and here's a copy of the log it created afterwards:

ComboFix 10-03-21.02 - RAC 03/21/2010 18:22:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1022.434 [GMT -7:00]
Running from: c:\users\RAC\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2138957976-3906981958-2417775570-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\A360
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe.tmp
c:\program files\FunWebProducts
c:\users\RAC\AppData\Local\Temp\28927sys.dll
c:\users\RAC\AppData\Roaming\.#
c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\RAC\FAVORI~1\Download programs.url
c:\users\RAC\FAVORI~1\Games.url
c:\users\RAC\Favorites\Download programs.url
c:\users\RAC\Favorites\Games.url
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\AutoRun.inf
c:\windows\system32\Connect.dll
c:\windows\TEMP\logishrd\LVPrcInj06.dll

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_msliksurserv


((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.

2010-03-22 01:17 . 2010-03-22 01:18 -------- d-----w- C:\32788R22FWJFW
2010-03-16 07:09 . 2010-03-16 07:09 -------- d-----w- c:\users\RAC\AppData\Roaming\TrojanHunter
2010-03-15 22:07 . 2010-03-21 22:02 -------- d-----w- c:\program files\TrojanHunter 5.3
2010-03-11 10:02 . 2010-02-20 21:46 14848 ----a-w- c:\windows\system32\iisreset.exe
2010-03-11 10:02 . 2010-02-20 23:52 8192 ----a-w- c:\windows\system32\iisrstap.dll
2010-03-11 10:02 . 2010-02-20 23:52 148480 ----a-w- c:\windows\system32\iisRtl.dll
2010-03-11 10:02 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 10:02 . 2010-02-20 23:50 51200 ----a-w- c:\windows\system32\admwprox.dll
2010-03-11 10:02 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 10:02 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 10:01 . 2010-02-20 23:55 10752 ----a-w- c:\windows\system32\wamregps.dll
2010-03-11 06:13 . 2010-03-11 06:13 -------- d-----w- c:\programdata\XoftSpySE
2010-03-10 23:00 . 2010-03-10 23:00 -------- d-----w- C:\Sandbox
2010-03-10 22:58 . 2010-03-16 18:26 -------- d-----w- c:\programdata\COMODO
2010-03-10 22:57 . 2010-03-16 18:28 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-03-10 22:33 . 2010-03-10 22:53 -------- d-----w- c:\program files\COMODO
2010-03-10 21:21 . 2010-03-14 22:43 -------- d-----w- c:\programdata\Comodo Downloader
2010-03-08 00:43 . 2010-03-11 05:57 -------- d-----w- c:\program files\a-squared Free
2010-02-24 13:48 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 13:47 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 13:47 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 13:47 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 13:47 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 13:47 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 13:47 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 13:47 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 13:47 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 13:47 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-20 03:09 . 2010-02-24 13:32 -------- d-----w- c:\program files\Starcraft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 01:04 . 2009-09-23 17:13 0 ----a-r- c:\windows\win32k.sys
2010-03-22 00:58 . 2008-12-08 00:28 -------- d-----w- c:\programdata\avg8
2010-03-22 00:48 . 2008-03-30 05:41 -------- d-----w- c:\program files\AVG
2010-03-21 23:10 . 2009-05-21 23:44 -------- d-----w- c:\programdata\Google Updater
2010-03-21 19:58 . 2008-09-21 12:44 -------- d-----w- c:\users\RAC\AppData\Roaming\U3
2010-03-19 19:33 . 2009-06-02 15:02 141289 ----a-w- c:\windows\hpoins14.dat
2010-03-16 08:14 . 2008-07-18 14:02 1356 ----a-w- c:\users\RAC\AppData\Local\d3d9caps.dat
2010-03-16 07:09 . 2009-09-05 16:47 -------- d-----w- c:\program files\JL2005B
2010-03-15 00:19 . 2008-06-20 09:47 -------- d-----w- c:\users\RAC\AppData\Roaming\uTorrent
2010-03-11 10:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 10:04 . 2009-01-03 06:21 -------- d-----w- c:\program files\Movie Maker 2.6
2010-03-10 23:03 . 2008-07-05 17:49 -------- d-----w- c:\program files\mIRC
2010-03-08 05:26 . 2009-12-18 07:14 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-07 23:29 . 2008-05-07 00:49 -------- d-----w- c:\program files\TomTom HOME 2
2010-02-27 19:15 . 2008-02-06 16:32 155960 ----a-w- c:\users\RAC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 23:52 . 2010-01-12 23:50 439816 ----a-w- c:\users\RAC\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-19 05:56 . 2008-06-20 09:48 -------- d-----w- c:\program files\uTorrent
2010-02-16 07:48 . 2010-02-16 07:48 -------- d-----w- c:\program files\Gmask 1.70 English
2010-01-25 07:48 . 2008-02-17 18:03 -------- d-----w- c:\users\RAC\AppData\Roaming\LimeWire
2010-01-22 13:44 . 2008-08-24 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 14:27 . 2008-04-04 05:25 1322 ----a-w- c:\users\RAC\AppData\Roaming\wklnhst.dat
2009-12-28 12:36 . 2010-02-10 07:52 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 07:52 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 07:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 07:52 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 07:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 07:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 07:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 07:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 07:52 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 07:52 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-26 08:23 . 2009-12-26 08:23 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2007-03-08 17:20 . 2007-03-08 17:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 17:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-30 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickCare"="c:\program files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-5 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Gold\FMRemind.exe [2009-1-8 189952]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-8 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-3-20 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9e1795d650ef9;Google Update Service (gupdate1c9e1795d650ef9);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-07-24 23096]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-13 148744]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 11:38]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:52]

2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 22:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qwest.live.com
mStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: mhcontemporary.com\www
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: {A0F8CDF2-4D71-4D52-B393-5B9BA3C1D307} = 205.171.3.25,205.171.2.25
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\plvhg580.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCE08D86A-A41A-410A-943C-13BABB7DC474", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9EDC9ED-603A-4F3F-BBEA-59C8853A3236", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID90D10942-D952-4863-9DD6-A2BDBBAD456E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0ECEE744-7B69-4912-AB91-AE76D61ECB04", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF25635B2-1AB9-47B5-88D1-8877B22C86DE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID27B7F812-4159-45B9-A389-B7A118A58DE4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF849DF29-393B-4F8B-99D1-117A70D66FC7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBF1E9C3D-637C-4171-BD12-28A7360B879A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDDE1C0601-7947-4D7F-A6E5-E68BF6BA1E37", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EA0DCCE-4D98-4876-9C6A-E5C563D0820A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID446462BA-2AAD-4C88-BC63-5210E2F31465", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0862E368-A40E-4E55-83EB-FBC5571BABA4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDD2A96E3C-FFB3-4D38-9AC3-B127527BEA35", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4B05B39A-9DDC-4650-A7F8-D5B134E5FFE5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC8E2574A-7BCE-4B93-A22E-61831DFD6DB8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID659796C0-8B5D-48D7-A4EB-7E6874E26274", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID78071AB5-E729-414E-8D02-9C1D034F82E7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDCC3F71E1-17F3-4C5B-997D-44CA56943197", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE67D5C78-B2D4-4BA0-8D69-1C7AF4BB08B5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFC5F3D7A-D321-412C-8A5D-9AD0C8041941", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6EC5CD16-81BC-4515-9EDD-9265C906F56E", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID67CFB2C5-E491-4395-977B-CD45E4124655", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID73600569-52E6-4760-8BAB-B68202937D98", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB02EBD42-6885-401A-9389-E089F7DDC872", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDBAE5CB8C-4075-4743-B2E4-78DA8D8CDC64", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID28B07B04-DA99-4FD3-BF27-4972F2B8142B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D53448F-D12B-4102-8CE2-697DAE8D6643", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE3266A47-A141-47B8-AAA8-5F16FB4F8CCD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB33AB7AF-76D7-4B1C-B709-5D6BF9E7B1C7", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID153B7451-0BB5-4B37-95C0-44D89E2F1F2B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID3BBE8E21-0D3D-4BAA-AC6F-C7BCEF750849", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9B5B4F2D-A7D9-4329-B0FE-92B301A8CAAD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA5C42921-8CD0-4924-97C3-01B5B0610BC6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID06969252-F90F-4CF2-9074-33772EB64859", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFBF37655-1236-4C0D-96C5-F94E1724841B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDC1A3F035-B68F-4B2B-9FD5-E36DAAAF26DD", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID368F3685-543E-4812-9FDE-96E097E453FC", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID43969873-56AA-4113-84CB-4AB2AEB9AA31", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA205DD80-63D4-4E41-B785-26EC3D90B97B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID068D43E7-7551-4A2F-AE96-4A38A9AD1953", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF443E9CB-9EEC-456E-8AE7-F3102D5CD47D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDE36A7B16-645D-4261-BFF8-3A7E69C5F7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID379805E3-E0E2-40DC-B51B-6DC1AE5802AA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDF6240D69-A06D-44A1-8003-8496CCEF2C53", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID26C3113D-5A71-4F1B-A2CB-BE59E1279DDA", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID92B97F2B-7565-4CE9-9AC7-0598DFD731F8", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID2AA5E7CF-9696-42F0-B76A-8655296EADF2", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0AAACE0B-ACEF-4781-83F4-BFB52EEC995A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID0D56FF58-A39D-4E8C-A40B-2E3711251772", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID946121C2-11F1-49DD-A7E3-CF793DE827A4", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDB853303D-1BAB-43F3-9D7D-101D0DA8E7A5", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID9E578247-FE29-4F8C-8202-A24A5688CF2A", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6D065A8F-FFC0-4A0F-B863-1D724B8C786B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4451D291-6940-42CE-9D3C-CA1D4C96549C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID064B722D-079D-4EBB-B3CF-9FCBF64FFF5D", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID38F8AB0F-5DFB-43D9-889E-8717CC4AB59B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID4EC68CD1-0EF1-4CB9-9EF1-3D64AB266149", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID44F96B27-CFAD-41E1-83A1-6B28040C3BDE", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 18:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\ehome\ehmsas.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\Mystify.scr
.
**************************************************************************
.
Completion time: 2010-03-21 18:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-22 01:50

Pre-Run: 8,099,024,896 bytes free
Post-Run: 7,968,665,600 bytes free

- - End Of File - - 0FE435AB6FB81DB342748DC958A591C5


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 22 March 2010 - 04:27 PM

Hi,

ComboFix took out a good part of the infection.


Download Win32kDiag from any of the following locations and save it to your Desktop.Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:
    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

How is your PC doing now?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Swayvo

Swayvo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 22 March 2010 - 07:53 PM

I won't let me add either of those things as a reply so i'm going to try to add them as attachements, though last time it did not work.
Attached File  Win32kDiag.txt   369.07KB   9 downloads
Attached File  Junctionlog.txt   10.76KB   9 downloads

#8 Swayvo

Swayvo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 22 March 2010 - 07:54 PM

Oh and my computer seems to be doing fine now, and the WoW launcher no longer detects a trojan.
I'm not an expert so i can't tell if it's truly gone, but thank you very much for your help!
thumbup.gif

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 24 March 2010 - 03:58 PM

Hi,

there are still leftovers:
We need to reset the permissions altered by the malware on some files.
  • Download this tool and save it to the desktop: http://download.bleepingcomputer.com/sUBs/...xes/Inherit.exe
  • Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:
    "%userprofile%\desktop\inherit" "c:\Windows\System32\taskeng.exe"
    "%userprofile%\desktop\inherit" "c:\Windows\System32\mrt.exe"
    "%userprofile%\desktop\inherit" "c:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6000.16386_none_e3758b32c1ef5c83\taskeng.exe"
    "%userprofile%\desktop\inherit" "c:\Program Files\AVG\AVG8\avgcsrvx.exe"
  • If you get a security warning select Run.
  • You will get a "Finish" popup. Click OK.
  • Do the same for the rest of the lines until you have run all the above commands one by one.


Then run Win32kDiag again:
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Swayvo

Swayvo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 27 March 2010 - 02:46 PM

After downloading what you said to and running the commands, i rand Win32kDiag again, here's the log:

Running from: C:\Users\RAC\Desktop\Win32kDiag.exe

Log file at : C:\Users\RAC\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-03-25 19:25:21 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2010-03-22 11:25:06 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2010-03-25 19:25:10 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2010-03-25 19:25:03 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\twain_32\snpstd\snpstd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^



Finished!



#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 30 March 2010 - 06:40 AM

Hi,

Can you please run Win32kdiag once more:
please run win32kdiag.exe again, with the following command to fix some malware related changes.
Please make sure that a copy of win32kdiag.exe is located on your desktop.

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:47 PM

Posted 07 April 2010 - 06:22 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users