Computer Hope

Topic started by: Xerinous on July 10, 2010, 07:25:00 PM

Title: Can't run programs or connect to internet
Post by: Xerinous on July 10, 2010, 07:25:00 PM
Recently I started having trouble on my desktop, which runs Windows XP. I turned it on, noticed that my task bar appearance had changed, tried to open Firefox and ran straight into a blank page. My router is working as normal, as demonstrated by the four laptops that have used it, so that isn't the problem. Firefox isn't the problem either; I tried to open Internet Explorer and it wouldn't even stay open for more than half a second. I can't run Malwarebytes; it gives an error message. Basically anything that requires some connection to the internet fails to open. System Restore doesn't open, and I can't rearrange files, so I'm rather certain it's due to some form of malware. If anyone could help, that would be great; I feel like I'm missing a limb because of this.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 10, 2010, 09:12:58 PM
Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 11, 2010, 10:42:20 AM
So should I put it onto a CD and put it onto the computer from there? Can't download it directly because the internet is not showing any connection even on the connections page in the control panel, despite everything being set up correctly.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 11, 2010, 11:07:41 PM
That would work.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 12, 2010, 10:46:34 AM
Alright, here's the log I got.

ComboFix 10-07-11.03 - Timothy Donovan 07/12/2010  11:26:00.1.2 - x86
Running from: D:\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bszip.dll
c:\windows\system32\qstwa.bak1
c:\windows\system32\qstwa.bak2
c:\windows\system32\qstwa.ini
c:\windows\system32\qstwa.ini2
c:\windows\system32\qstwa.tmp
c:\windows\system32\vybeg.bak1
c:\windows\system32\vybeg.bak2
c:\windows\system32\vybeg.ini
c:\windows\system32\vybeg.ini2
c:\windows\system32\vybeg.tmp

.
(((((((((((((((((((((((((   Files Created from 2010-06-12 to 2010-07-12  )))))))))))))))))))))))))))))))
.

2010-07-07 18:54 . 2010-07-07 18:54   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:31 . 2007-04-20 19:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-01 18:07 . 2010-01-16 05:11   --------   d-----w-   c:\program files\Common Files\Akamai
2010-05-19 13:27 . 2006-04-09 21:10   --------   d-----w-   c:\program files\Plaxo
2010-05-19 01:08 . 2005-12-17 20:46   56   --sh--r-   c:\windows\system32\BAA61B515F.sys
2010-05-19 01:08 . 2005-12-17 20:46   3350   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-05-19 01:01 . 2009-10-17 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-19 00:38 . 2010-05-19 00:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-05-15 15:25 . 2010-03-08 23:02   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-15 15:15 . 2010-05-15 15:15   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Intuit
2010-05-15 15:15 . 2010-05-15 15:15   105864   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-15 15:01 . 2010-05-15 15:01   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2010-04-22 02:56 . 2009-10-11 19:14   75   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences2.dat
2010-04-22 02:56 . 2008-07-01 14:21   41   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences.dat
2010-04-17 01:22 . 2010-04-17 01:22   0   ----a-w-   c:\documents and settings\Timothy Donovan\jagex__preferences3.dat
2010-04-15 02:17 . 2010-04-04 06:34   3548488   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 00:13 . 2009-12-03 13:55   79488   -c--a-w-   c:\documents and settings\Paul Donovan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-14 23:09 . 2010-04-13 00:17   79488   ----a-w-   c:\documents and settings\Susan Donovan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-08 16:57 . 2009-11-08 16:57   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-01-05 22:04 . 2010-04-13 23:28   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
2004-08-04 11:00 . 2004-08-11 23:00   94784   -csh--w-   c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-11 23:00   50688   --sh--w-   c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-11 23:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-11 23:00   57344   --sha-w-   c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-11 23:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-11 23:00   343040   --sha-w-   c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-11 23:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-11 23:00   84992   --sha-w-   c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-11 23:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------


[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\wininet.dll
[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 11:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . 1EE6B94ACA7BE115A1813BBCA65099A8 . 2058368 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . E832C72D32FA117CB0D033C5EA95B58F . 2015744 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-08-04 . 97E912E94CCED4064F5DEEE5C25A9278 . 2062976 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 11:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

c:\windows\System32\svchost.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-07-22 126464]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
"HostManager"="c:\program files\Common Files\AOL\1144616972\ee\AOLSoftware.exe" [2008-06-24 41824]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-04-03 777424]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="c:\program files\Common Files\AOL\1144616972\ee\SSCRun.exe" [2006-11-20 153168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-08 30192]
"HelpCenter"="c:\program files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 192512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-08 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-12 136744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 12, 2010, 10:50:14 AM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\AOLOpenRide.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-23 93320]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-08 30192]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-26 3457036]
R3 XDva273;XDva273;c:\windows\system32\XDva273.sys
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Paul Donovan\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2007-09-20 32768]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-06 22:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-04-02 c:\windows\Tasks\Norton Security Scan for Timothy Donovan.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\
FF - component: c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-CTXFIREG - CTxfiReg.exe
Notify-awtqn - c:\windows\system32\awtqn.dll
Notify-awvvw - awvvw.dll
AddRemove-AOL Regclient - c:\program files\AOL\RC\uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="IvYm8r10vEOr2OHBBgqVoXh+hELpCPgj1H3zzCQdKweCnSHpzxnOMw=="
"PLCK"="zryAREhu/6Ym2Xa1veOP0d9bzaNJJKGB"
"Percents"="0 0.1372 0.3231 0.5966 0.8352 0.9148 0.9229 "
"Increment"=".003268"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(2432)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\CTHELPER.EXE
c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe
c:\program files\Citrix\ICA Client\pnagent.exe
c:\program files\McAfee Security Scan\1.0.150\McUICnt.exe
.
**************************************************************************
.
Completion time: 2010-07-12  12:39:44 - machine was rebooted
ComboFix-quarantined-files.txt  2010-07-12 16:39

Pre-Run: 91,828,195,328 bytes free
Post-Run: 98,368,073,728 bytes free

- - End Of File - - 301B97EB9C281CC0FD38C19405F43FAA
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 13, 2010, 02:03:43 PM
Re-running ComboFix to remove infections:

Code:
killall::

FCopy::
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\System32\svchost.exe

Reboot::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 13, 2010, 03:16:47 PM
I can't seem to drag the file onto Combofix, or any file anywhere for that matter. I tried opening it with Combofix but that didn't work; after about 3 or 4 stages the machine reboots automatically, giving an error message saying that the RPC terminated unexpectedly and caused "NT AUTHORITY\(something)" to shut down the machine. I couldn't get the whole message because it gave a 60-second countdown and restarted.

Anything else I should try?

I also can't get Combofix onto the computer itself, but I can run it from the CD.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 13, 2010, 10:42:26 PM
Try this

Start > Run

Type this in and hit OK. See if it works:

ComboFix "c:\documents and settings\Timothy Donovan\desktop\CFScript.txt"
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 14, 2010, 11:42:52 AM
ComboFix 10-07-11.03 - Timothy Donovan 07/14/2010  13:22:25.4.2 - x86
Running from: I:\ComboFix.exe
Command switches used :: i:CFScript.txt
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2010-06-14 to 2010-07-14  )))))))))))))))))))))))))))))))
.

2010-07-13 21:08 . 2008-04-14 00:12   14336   ----a-w-   c:\windows\system32\dllcache\svchost.exe
2010-07-07 18:54 . 2010-07-07 18:54   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:31 . 2007-04-20 19:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-01 18:07 . 2010-01-16 05:11   --------   d-----w-   c:\program files\Common Files\Akamai
2010-05-19 13:27 . 2006-04-09 21:10   --------   d-----w-   c:\program files\Plaxo
2010-05-19 01:08 . 2005-12-17 20:46   56   --sh--r-   c:\windows\system32\BAA61B515F.sys
2010-05-19 01:08 . 2005-12-17 20:46   3350   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-05-19 01:01 . 2009-10-17 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-19 00:38 . 2010-05-19 00:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-05-15 15:25 . 2010-03-08 23:02   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-15 15:15 . 2010-05-15 15:15   105864   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-22 02:56 . 2009-10-11 19:14   75   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences2.dat
2010-04-22 02:56 . 2008-07-01 14:21   41   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences.dat
2010-04-17 01:22 . 2010-04-17 01:22   0   ----a-w-   c:\documents and settings\Timothy Donovan\jagex__preferences3.dat
2009-11-08 16:57 . 2009-11-08 16:57   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-01-05 22:04 . 2010-04-13 23:28   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
2004-08-04 11:00 . 2004-08-11 23:00   94784   -csh--w-   c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-11 23:00   50688   --sh--w-   c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-11 23:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-11 23:00   57344   --sha-w-   c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-11 23:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-11 23:00   343040   --sha-w-   c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-11 23:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-11 23:00   84992   --sha-w-   c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-11 23:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\system32\mshtml.dll
[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 11:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll

c:\windows\System32\svchost.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-07-22 126464]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
"HostManager"="c:\program files\Common Files\AOL\1144616972\ee\AOLSoftware.exe" [2008-06-24 41824]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-04-03 777424]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="c:\program files\Common Files\AOL\1144616972\ee\SSCRun.exe" [2006-11-20 153168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-08 30192]
"HelpCenter"="c:\program files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 192512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-08 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-12 136744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\AOLOpenRide.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 14, 2010, 11:45:01 AM
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-23 93320]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-08 30192]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-26 3457036]
R3 XDva273;XDva273;c:\windows\system32\XDva273.sys
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Paul Donovan\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2007-09-20 32768]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-06 22:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-04-02 c:\windows\Tasks\Norton Security Scan for Timothy Donovan.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\
FF - component: c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="IvYm8r10vEOr2OHBBgqVoXh+hELpCPgj1H3zzCQdKweCnSHpzxnOMw=="
"PLCK"="zryAREhu/6Ym2Xa1veOP0d9bzaNJJKGB"
"Percents"="0 0.1372 0.3231 0.5966 0.8352 0.9148 0.9229 "
"Increment"=".003268"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-14  13:39:17
ComboFix-quarantined-files.txt  2010-07-14 17:39
ComboFix2.txt  2010-07-12 16:39

Pre-Run: 98,391,961,600 bytes free
Post-Run: 98,365,194,240 bytes free

- - End Of File - - FCEDEEED83E144C1EED6CB82673597CB
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 14, 2010, 01:27:54 PM
Try the CFScript one more time, please.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 14, 2010, 01:31:50 PM
Okay here's the new log.

ComboFix 10-07-11.03 - Timothy Donovan 07/14/2010  15:40:50.5.2 - x86
Running from: I:\ComboFix.exe
Command switches used :: i:CFScript.txt
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2010-06-14 to 2010-07-14  )))))))))))))))))))))))))))))))
.

2010-07-07 18:54 . 2010-07-07 18:54   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:31 . 2007-04-20 19:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-01 18:07 . 2010-01-16 05:11   --------   d-----w-   c:\program files\Common Files\Akamai
2010-05-19 13:27 . 2006-04-09 21:10   --------   d-----w-   c:\program files\Plaxo
2010-05-19 01:08 . 2005-12-17 20:46   56   --sh--r-   c:\windows\system32\BAA61B515F.sys
2010-05-19 01:08 . 2005-12-17 20:46   3350   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-05-19 01:01 . 2009-10-17 05:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-19 00:38 . 2010-05-19 00:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Corel Photo Album
2010-05-15 15:25 . 2010-03-08 23:02   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-15 15:15 . 2010-05-15 15:15   105864   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-22 02:56 . 2009-10-11 19:14   75   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences2.dat
2010-04-22 02:56 . 2008-07-01 14:21   41   -c--a-w-   c:\documents and settings\Timothy Donovan\jagex_runescape_preferences.dat
2010-04-17 01:22 . 2010-04-17 01:22   0   ----a-w-   c:\documents and settings\Timothy Donovan\jagex__preferences3.dat
2009-11-08 16:57 . 2009-11-08 16:57   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-01-05 22:04 . 2010-04-13 23:28   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
2004-08-04 11:00 . 2004-08-11 23:00   94784   -csh--w-   c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-11 23:00   50688   --sh--w-   c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-11 23:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-11 23:00   57344   --sha-w-   c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-11 23:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-11 23:00   343040   --sha-w-   c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-11 23:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-11 23:00   84992   --sha-w-   c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-11 23:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------

[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\wininet.dll
[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
c:\windows\System32\svchost.exe ... is missing !!
.
(((((((((((((((((((((((((((((   SnapShot@2010-07-14_17.33.22   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-14 19:35 . 2010-07-14 19:35   16384              c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2010-07-14 19:35 . 2010-07-14 19:35   16384              c:\windows\Temp\Perflib_Perfdata_738.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-07-22 126464]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
"HostManager"="c:\program files\Common Files\AOL\1144616972\ee\AOLSoftware.exe" [2008-06-24 41824]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-04-03 777424]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="c:\program files\Common Files\AOL\1144616972\ee\SSCRun.exe" [2006-11-20 153168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-08 30192]
"HelpCenter"="c:\program files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 192512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-08 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-12 136744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\AOLOpenRide.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 14, 2010, 01:58:27 PM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-23 93320]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-08 30192]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-26 3457036]
R3 XDva273;XDva273;c:\windows\system32\XDva273.sys
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Paul Donovan\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2007-09-20 32768]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-06 22:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-04-02 c:\windows\Tasks\Norton Security Scan for Timothy Donovan.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\
FF - component: c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="IvYm8r10vEOr2OHBBgqVoXh+hELpCPgj1H3zzCQdKweCnSHpzxnOMw=="
"PLCK"="zryAREhu/6Ym2Xa1veOP0d9bzaNJJKGB"
"Percents"="0 0.1372 0.3231 0.5966 0.8352 0.9148 0.9229 "
"Increment"=".003268"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(516)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-14  15:57:00
ComboFix-quarantined-files.txt  2010-07-14 19:56
ComboFix2.txt  2010-07-14 17:39
ComboFix3.txt  2010-07-12 16:39

Pre-Run: 98,385,338,368 bytes free
Post-Run: 98,358,685,696 bytes free

- - End Of File - - 8817C8FE000DD3FD0D162438BDE95282
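
As an added example (not part of the thread and not ComboFix's own code), this Python script does the kind of first-pass reading a helper applies to a log like the one above: it picks out "is missing !!" lines, disabled firewall and Security Center monitoring values, and service entries that carry no `[date size]` suffix, and cross-references services against missing files. The sample lines and service names are constructed, and treating a missing `[date size]` suffix as "no file details reported" is an assumption about the log layout.

```python
import re

# Constructed sample in the layout of the log above; service names are hypothetical.
SAMPLE_LOG = r'''
c:\windows\System32\svchost.exe ... is missing !!
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 ExampleUpdater;Example Update Service;c:\program files\Example\updater.exe [2010-02-11 135664]
R2 ExampleHosted;Example Hosted Service;c:\windows\System32\svchost.exe
R3 ExDrv001;ExDrv001;c:\windows\system32\ExDrv001.sys
S3 examplefw;Example Firewall Driver;c:\windows\system32\drivers\examplefw.sys [2010-01-05 312584]
'''

MISSING_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) \.\.\. is missing !!$')
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# Service line: prefix as printed (letter + digit), name;display;path, optional [date size].
SERVICE_RE = re.compile(
    r'^(?P<prefix>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)'
    r'(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')


def parse_number(data):
    """Return the integer in a 'dword:00000001' or '0 (0x0)' value, else None."""
    data = data.strip()
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+) \(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None


def triage(log_text):
    """Return a list of (kind, detail) findings for a reviewer to look at first."""
    findings = []
    missing = set()       # lower-cased paths reported as missing
    services = []         # (name, path, has_file_details)
    key = None            # most recent registry key header, lower-cased

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(m.group("path").lower())
            findings.append(("missing-file", m.group("path")))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            if key:
                name = m.group("name").lower()
                num = parse_number(m.group("data"))
                if name == "enablefirewall" and "firewallpolicy" in key and num == 0:
                    findings.append(("firewall-off", key))
                elif name == "disablemonitoring" and "security center" in key and num == 1:
                    findings.append(("monitoring-off", key.rsplit("\\", 1)[-1]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group("name"), m.group("path"), m.group("date") is not None))

    # Second pass, so the result does not depend on where the "missing" line appears.
    for name, path, has_details in services:
        if path.lower() in missing:
            findings.append(("service-target-missing", name))
        elif not has_details:
            findings.append(("service-no-file-details", name))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```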
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 15, 2010, 01:00:00 AM
This is not working.

Please download DrWeb-CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) and save it to your Desktop. Do NOT perform a scan yet.


If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 17, 2010, 02:01:40 PM
Alright, four scan attempts later, here's the log it gave.

HPI_Exit.exe;C:\Program Files\Hewlett-Packard\Update;BackDoor.Infum.2;Deleted.;
A0411217.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2121;BackDoor.Infum.2;Deleted.;
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 17, 2010, 09:18:46 PM
Are you still having the same issues?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 17, 2010, 10:12:55 PM
Yes, it's as if nothing has changed.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 18, 2010, 01:37:49 PM
svchost.exe still needs to be replaced.

We may have to replace it in the Recovery Console. Do you have an XP cd?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 18, 2010, 03:02:18 PM
I'm afraid not. We may have misplaced it, if we ever had one, we haven't had need of it in years.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 18, 2010, 04:29:10 PM
Actually I guess we do, we found it.

Would have just edited the last post but the button disappeared.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 19, 2010, 12:03:54 PM
Boot to the XP installation cd.
At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

Copy the following two files to the root directory of the primary hard disk. In the example we are copying these files from the CD-ROM drive letter "E". This letter may be different on your computer. At the command prompt (C:\Windows>), type the following, pressing "Enter" after each one:

expand e:\i386\svchost.EX_ c:\WINDOWS\system32\svchost.exe

Once this is completed successfully, remove the CD from the computer and reboot.


NOTE: If the CD drive is not the E:\ drive, then change the letter to correspond to the CD drive.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 19, 2010, 01:14:10 PM
Well this is odd.

It reads the CD without a problem until the Recovery Console starts, then the drive seems to shut down. It tells me there's not a CD in the drive, and when I tried to open the drive it wouldn't open and the light on the front of it had turned off.

And now after exiting the console and trying again, it gives a blue screen with the message:
"STOP: c0000221 Unknown Hard Error
  \SystemRoot\System32\ntdll.dll"
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 19, 2010, 10:19:20 PM
Download RC.ISO (http://www.thecomputerparamedic.com/files/rc.iso) and save it somewhere you can find it.

Download MagicISO (http://www.magiciso.com/download.htm) and install it.

Start MagicISO. When it asks you to register, just close that window...the program should remain open. Click on "File" and then on "Open"...navigate to the RC.ISO file you downloaded, select it, and click "Open".

Click "File" on the toolbar and choose "Save As".  Name the file RCplus and save it somewhere you can find it.

Put a blank CD-R disk in your CD burner and close the tray...when the AutoPlay window opens, close it.

Click "Tools" on the toolbar and choose "Burn CD/DVD with ISO". In the CD/DVD Image file area, click the little folder, navigate to the newly created RCplus.iso image file, and click "Open". In the CD/DVD Writing Speed drop-down menu, choose the top 8X setting. Format should have "Mode 1" selected...if not, select it. Click on the "Burn It!" button.

Once this disk is burned, put it in the machine you're working on and restart.

At the C:\Windows> prompt, type the same command as I gave you above (in blue).

Then, reboot the computer. Let me know if it worked.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 20, 2010, 10:39:40 AM
Still having the same problem, when I enter the Recovery Console, the drive stops working, giving me the error that there is no CD in the drive, even though there is.
I also got an "Access is denied" a couple times.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 20, 2010, 12:59:41 PM
They are really not making this easy, are they?

We are going to be using a Windows Recovery Environment to help disinfect the system.

Download the OTLPE Network REATOGO Windows Recovery Environment.

Note: If you do not know how to set your computer to boot from CD, follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom).
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 20, 2010, 02:47:26 PM
When I try to open OTLPE, it doesn't ask me to load the remote registry, it asks me to "Choose Windows Directory". Choosing my hard drive prompts the error "target is not Windows 2000 or later".
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 20, 2010, 11:29:47 PM
Please re-run ComboFix and post a log.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 21, 2010, 11:13:05 AM
Alright log number four:

ComboFix 10-07-20.03 - Timothy Donovan 07/21/2010  14:49:34.6.2 - x86
Running from: I:\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2010-06-21 to 2010-07-21  )))))))))))))))))))))))))))))))
.

2010-07-07 18:54 . 2010-07-07 18:54   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 16:31 . 2007-04-20 19:01   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-07-01 18:07 . 2010-01-16 05:11   --------   d-----w-   c:\program files\Common Files\Akamai
2010-05-19 01:08 . 2005-12-17 20:46   56   --sh--r-   c:\windows\system32\BAA61B515F.sys
2010-05-19 01:08 . 2005-12-17 20:46   3350   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-05-15 15:25 . 2010-03-08 23:02   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-05-15 15:15 . 2010-05-15 15:15   105864   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-08 16:57 . 2009-11-08 16:57   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-01-05 22:04 . 2010-04-13 23:28   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
2004-08-04 11:00 . 2004-08-11 23:00   94784   -csh--w-   c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-11 23:00   50688   --sh--w-   c:\windows\twain_32.dll
2008-04-14 00:11 . 2004-08-11 23:00   1028096   --sha-w-   c:\windows\system32\mfc42.dll
2008-04-14 00:12 . 2004-08-11 23:00   57344   --sha-w-   c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-11 23:00   413696   --sha-w-   c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-11 23:00   343040   --sha-w-   c:\windows\system32\msvcrt.dll
2008-04-14 00:12 . 2004-08-11 23:00   551936   --sh--w-   c:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2004-08-11 23:00   84992   --sha-w-   c:\windows\system32\olepro32.dll
2008-04-14 00:12 . 2004-08-11 23:00   11776   --sh--w-   c:\windows\system32\regsvr32.exe
.

------- Sigcheck -------

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\system32\mshtml.dll
[-] 2010-03-11 . 94359CD5BB6AC1CC08088F4A4091FF1E . 3599872 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-03-11 . 9289EBB759293A1381AB0C326A115AEC . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 3B8259EF10C0F1425395981E40ED0EAA . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . 1673677DBD70142DB1294F1B6FC3323E . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3GDR\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-16 . EBB75B113E74E90074382347B74D652B . 2181376 . . [5.1.2600.3670] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP2GDR\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\SoftwareDistribution\Download\9d21500a4aa475547c4a2420fee1c623\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 11CDD81560E766101F0032EB05872C1B . 2136064 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 8DF112C341425F29DB4566B8D2A96A7F . 2185984 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\wininet.dll
[-] 2010-03-11 . B6AB2EB1DA4BB29079B84AC842520670 . 832512 . . [7.00.6000.17023] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-03-11 . 7F6A9D2F3CAA7780AAFD478BF3411462 . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 21E7890F1EC89BEF0AF7C08D730AE317 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . E7B99465DE2EDCF29784B7600BF6FAE8 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
c:\windows\System32\svchost.exe ... is missing !!
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 21, 2010, 11:13:47 AM
.
(((((((((((((((((((((((((((((   SnapShot@2010-07-14_17.33.22   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-21 18:37 . 2010-07-21 18:37   16384              c:\windows\Temp\Perflib_Perfdata_75c.dat
+ 2010-07-21 18:37 . 2010-07-21 18:37   16384              c:\windows\Temp\Perflib_Perfdata_72c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-11 19968]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-07-22 126464]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 8192]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-09-18 110592]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-17 106496]
"BellSouthAlertManager.exe"="c:\program files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
"HostManager"="c:\program files\Common Files\AOL\1144616972\ee\AOLSoftware.exe" [2008-06-24 41824]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-04-03 777424]
"AOLSPScheduler"="c:\program files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 8784]
"sscRun"="c:\program files\Common Files\AOL\1144616972\ee\SSCRun.exe" [2006-11-20 153168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-08 30192]
"HelpCenter"="c:\program files\Bellsouth\HelpCenter\bin\sprtcmd.exe" [2006-10-30 192512]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-08 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-12 136744]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1144616972\\ee\\AOLOpenRide.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-23 93320]
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 271480]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-05 55456]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-08 30192]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-05 83496]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-26 3457036]
R3 XDva273;XDva273;c:\windows\system32\XDva273.sys
R3 XDva280;XDva280;c:\windows\system32\XDva280.sys
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Paul Donovan\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2007-09-20 32768]
R4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-01-05 82952]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-05 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-05 141792]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-05 312584]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-01-05 88480]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]

2010-04-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-06 22:53]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 23:28]

2010-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]

2010-04-02 c:\windows\Tasks\Norton Security Scan for Timothy Donovan.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\
FF - component: c:\documents and settings\Timothy Donovan\Application Data\Mozilla\Firefox\Profiles\8uj2im52.Tim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?
  CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="IvYm8r10vEOr2OHBBgqVoXh+hELpCPgj1H3zzCQdKweCnSHpzxnOMw=="
"PLCK"="zryAREhu/6Ym2Xa1veOP0d9bzaNJJKGB"
"Percents"="0 0.1372 0.3231 0.5966 0.8352 0.9148 0.9229 "
"Increment"=".003268"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-21  15:06:35
ComboFix-quarantined-files.txt  2010-07-21 19:06
ComboFix2.txt  2010-07-14 19:57
ComboFix3.txt  2010-07-14 17:39
ComboFix4.txt  2010-07-12 16:39

Pre-Run: 99,979,112,448 bytes free
Post-Run: 100,054,794,240 bytes free

- - End Of File - - 88700C703D437D50B13C8A1CE86F8A48
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 21, 2010, 12:27:30 PM
See if you can run this:

Download Bootkit Remover (http://www.esagelab.com/files/bootkit_remover.rar) to your Desktop.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 21, 2010, 01:39:04 PM
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd

     Size  Device Name          MBR Status
 --------------------------------------------
   149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


Press any key to quit...
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 22, 2010, 12:21:27 AM
Hmm...appears either a disk sector is damaged, or Bootkit Remover cannot read the first sector of the hard disk.

Nonetheless, let's take a look at the kernel.

Download Kernel Detective: http://www.kernelmode.info/ARKs/Kernel_Detective_v1.3.1.zip

Extract the file to your Desktop.

Enter the folder and double-click on Kernel Detective.exe to get started.

We need four different logs, to be uploaded.

Click on Kernel Modifications tab, then click on File > Save Current List, and give it a name. The name should be in *.txt format.

Save the log to your Desktop.

Do the same for the Drivers tab, System Service Descriptor Table, and the System Service Descriptor Table Shadow.

Attach all the logs to your next reply.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 22, 2010, 09:41:53 AM
Alright here are the logs I got, titled by the tab they came from.

[recovering disk space - old attachment deleted by admin]
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 23, 2010, 12:02:19 AM
Try this real quick:

Please open Notepad and enter in the following:
Quote
@echo off
start remover.exe fix \.\PhysicalDrive0
exit
Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 23, 2010, 11:21:49 AM
Here's what running remover.exe gave:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd

     Size  Device Name          MBR Status
 --------------------------------------------
   149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


Press any key to quit...

remover.bat gave an error:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

CreateFile() ERROR 2
ERROR: Can't open physical disk device.

Press any key to quit...
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 23, 2010, 08:57:30 PM
Try once more, please.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 23, 2010, 10:31:32 PM
Nothing changes, I'm given the exact same messages once more.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 25, 2010, 11:46:22 PM
HERE (http://z-oleg.com/avz4.zip)
Note: If you receive an error message, choose a different source, then click Start again
(http://perplexus.geekstogo.com/avz-standardscripts-asa-removal.png)
When restarted
(http://perplexus.geekstogo.com/avz-standardscripts-asa.png)
Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 26, 2010, 03:32:13 PM
I can't get the files onto the flashdrive to attach them, I've tried every way I know, nothing works.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 26, 2010, 09:57:00 PM
The internet is still down on the infected machine?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 26, 2010, 11:06:19 PM
Yes, yes it is.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 27, 2010, 12:05:56 PM
What other signs of infection are there?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 27, 2010, 02:10:01 PM
Response times are slower than normal, files cannot be moved, by drag-and-drop or otherwise, Internet Explorer doesn't stay open for more than a second or so when the attempt is made (Firefox does, but stays at a blank page), on logging onto a user profile an error message is given:
 "RegisterClassObjects failed: hRes = 0x800706BA
  The RPC server is unavailable
  Maximum retry attempts exceeded".
Most programs that require some form of connection to the internet refuse to run, including Malware Bytes. iTunes opens but does not play anything. My taskbar has changed to the gray block-like appearance found in older versions of Windows, and icons on the desktop cannot be arranged by drag-and-drop but can by right-clicking.

That's what I can see at least.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 28, 2010, 03:21:33 PM
That means the MBR code from the malware is still there. :|

Whenever rootkit scanners and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

Problem is, you could try to replace every file on the system, but still the rootkit will show its face.

Please download DrWeb-CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe) and save it to your Desktop. Do NOT perform a scan yet.


If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
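
Added example (not part of the original posts, and not Bootkit Remover's own logic): a Python check of a 512-byte MBR sector saved from a disk image taken while the suspect system is not running, since a scanner on the live system may not see below the point the rootkit controls. The function names, the constructed sample sector, the choice to hash bytes 0-439, and the use of SHA-256 instead of the MD5 the tool prints are all assumptions made for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439 hold boot code; 440-445 hold the disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split one MBR sector into boot-code hash, signature flag and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def audit_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_LEN]):
        findings.append("boot code area is empty")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    # Partition extents sorted by start LBA must not run into each other.
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["slot"]) for p in parts)
    for (s1, e1, a), (s2, e2, b) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("slots %d and %d overlap" % (a, b))
    # The baseline is a hash recorded from this disk while it was known to be clean.
    if baseline_sha256 is not None and info["boot_code_sha256"] != baseline_sha256.lower():
        findings.append("boot code differs from baseline")
    return findings


def build_sample_mbr(boot_code, entries):
    """Build a constructed sector for testing; entries are (status, type, lba, count)."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("sample does not fit in an MBR")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for slot, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * slot,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: filler bytes standing in for boot code, one active NTFS (0x07) partition.
CLEAN = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 64, [(0x80, 0x07, 63, 312_496_317)])
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]
TAMPERED = CLEAN[:16] + b"\xeb" + CLEAN[17:]   # one boot-code byte changed

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_mbr(sector, BASELINE) or "no findings")
```

A valid signature and a sane partition table say nothing about the boot code itself, which is why the baseline comparison is the check that matters here.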
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 29, 2010, 11:42:52 AM
I couldn't save the report list, there was nothing found though.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on July 29, 2010, 12:38:55 PM
Please download F-Secure's Blacklight from ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on July 29, 2010, 02:44:41 PM
07/29/10 18:29:40 [Info]: BlackLight Engine 2.2.1092 initialized
07/29/10 18:29:40 [Info]: OS: 5.1 build 2600 (Service Pack 3)
07/29/10 18:29:40 [Note]: 7019 4
07/29/10 18:29:40 [Note]: 7005 0
07/29/10 18:29:47 [Note]: 7006 0
07/29/10 18:29:47 [Note]: 7011 2020
07/29/10 18:29:47 [Note]: 7035 0
07/29/10 18:29:47 [Note]: 7026 0
07/29/10 18:29:47 [Note]: 7026 0
07/29/10 18:29:53 [Note]: FSRAW library version 1.7.1024
07/29/10 18:49:00 [Note]: 2000 1012
07/29/10 18:49:00 [Note]: 2000 1012
07/29/10 18:49:00 [Note]: 2000 1012
07/29/10 18:51:43 [Note]: 7007 0
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 01, 2010, 12:25:07 PM
Bump.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 01, 2010, 01:31:25 PM
Go to Start > Run, type in cmd and hit OK.

Copy and paste this phrase in to the Command Prompt line:

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt


If you have troubles pasting it, right click on the Command Prompt window and click Paste. Then, hit Enter.

Post the log that launches.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 01, 2010, 01:59:32 PM
The log that launches is blank, and the command prompt fills with error messages. Looks like this:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Timothy Donovan>cmd/c(ipconfig/all&nslookup google.com
&ping -n 2 google.com&route print)>log.txt&log.txt
*** Default servers are not available
Server:  UnKnown
Address:  127.0.0.1

*** UnKnown can't find google.com: No response from server
Ping request could not find host google.com. Please check the name and try again
.

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
                  [MASK netmask]  [gateway] [METRIC metric]  [IF interface]

  -f           Clears the routing tables of all gateway entries.  If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes. This
               option is not supported in Windows 95.
  command      One of these:
                 PRINT     Prints  a route
                 ADD       Adds    a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid.
 (Destination & Mask) != Destination.

Examples:

    > route PRINT
    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destination^      ^mask      ^gateway     metric^    ^
                                                         Interface^
      If IF is not given, it tries to find the best interface for a given
      gateway.
    > route PRINT
    > route PRINT 157*          .... Only prints those matching 157*
    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

      CHANGE is used to modify gateway and/or metric only.
    > route PRINT
    > route DELETE 157.0.0.0
    > route PRINT
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 01, 2010, 02:01:28 PM
It was a syntax error on your end:

cmd/c(ipc....

make sure there is a space between the /c and the first parenthesis (ipconfig....
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 01, 2010, 02:05:07 PM
Still a blank log, more errors.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Timothy Donovan>cmd /c(ipconfig/all&nslookup google.co
m&ping -n 2 google.com&route print)>log.txt&log.txt
*** Default servers are not available
Server:  UnKnown
Address:  127.0.0.1

*** UnKnown can't find google.com: No response from server
Ping request could not find host google.com. Please check the name and try again
.

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
                  [MASK netmask]  [gateway] [METRIC metric]  [IF interface]

  -f           Clears the routing tables of all gateway entries.  If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes. This
               option is not supported in Windows 95.
  command      One of these:
                 PRINT     Prints  a route
                 ADD       Adds    a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid.
 (Destination & Mask) != Destination.

Examples:

    > route PRINT
    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destination^      ^mask      ^gateway     metric^    ^
                                                         Interface^
      If IF is not given, it tries to find the best interface for a given
      gateway.
    > route PRINT
    > route PRINT 157*          .... Only prints those matching 157*
    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

      CHANGE is used to modify gateway and/or metric only.
    > route PRINT
    > route DELETE 157.0.0.0
    > route PRINT
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 02, 2010, 03:26:14 PM
There was still not a space between those two characters:

cmd /c(ipconfig/all&nslookup google.co
m&ping -n 2 google.com&route print)>log.txt&log.txt
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 02, 2010, 04:30:53 PM
Alright, tried again, same error, same blank log. And that's copying and pasting the script from your post into notepad, saved on my flash drive, then into the prompt on the infected machine.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 02, 2010, 09:06:40 PM
Please download this tool > System Repair Engineer (http://www.download.com/System-Repair-Engineer-SREng-/3000-2094_4-10707167.html)
Note: You may have to rename SREngLog.log to SREngLog.txt before attaching
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 03, 2010, 11:35:57 AM
Alright here's the log.

[recovering disk space - old attachment deleted by admin]
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 04, 2010, 01:00:53 PM
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 04, 2010, 02:09:44 PM
Running from: I:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Timothy Donovan\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

That's the entire log it produced.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 05, 2010, 09:27:16 PM
Please download MySystem-Search from here: Download mirror (http://www.drivehq.com/file/df.aspx/publish/GPuser/DragonMasterJay/mss.exe)
Note: the logs are long. Please use more than one post, if necessary.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 05, 2010, 10:11:06 PM
MySystem-Search
 
 
MSS v1.7
 
 
Basic System Information
 
Username: Timothy Donovan - Date: 08/06/2010 - Time:  2:19:27

Microsoft Windows XP [Version 5.1.2600]
Processor type: x86 Family 15 Model 4 Stepping 4, GenuineIntel
Total processors: 2
Computer Name: HOMECOMPUTER
Logon Server: \\HOMECOMPUTER
 
 
CD Emulation Drivers running?
 
 
 
Peer-to-Peer applications?
 
Napster found!
 
 
Security Tools Check
 
CCleaner
Malwarebytes' Anti-Malware
ComboFix
F-Secure BlackLight
GMER Stealth MBR Rootkit Detector
AVZ
Win32KDiag
Dr Web CureIt
System Repair Engineer (SRENG)
Bootkit Remover
 
 
File associations
 
.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile
 
 
Running processes
 
  PROCESS            PID  PRIO     PATH
smss.exe            1000 Normal   C:\WINDOWS\System32\smss.exe
csrss.exe           1076 Normal   C:\WINDOWS\system32\csrss.exe
winlogon.exe        1100 High     C:\WINDOWS\system32\winlogon.exe
services.exe        1148 Normal   C:\WINDOWS\system32\services.exe
lsass.exe           1160 Normal   C:\WINDOWS\system32\lsass.exe
AOLacsd.exe         1560 Normal   C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
AppleMobileDeviceService.exe     1572 Normal   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
mDNSResponder.exe     1584 Normal   C:\Program Files\Bonjour\mDNSResponder.exe
CTsvcCDA.EXE        1624 Normal   C:\WINDOWS\system32\CTsvcCDA.EXE
IntuitUpdateService.exe     1672 Normal   C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
ITMRTSVC.exe        1860 Normal   C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
jqs.exe             1876 Idle     C:\Program Files\Java\jre6\bin\jqs.exe
mfevtps.exe         1904 Normal   C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
sqlservr.exe        1932 Normal   C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
nvsvc32.exe         1968 Normal   C:\WINDOWS\system32\nvsvc32.exe
sprtsvc.exe         1980 Normal   C:\Program Files\Dell Support Center\bin\sprtsvc.exe
wanmpsvc.exe        2004 Normal   C:\WINDOWS\wanmpsvc.exe
mcshield.exe        2040 Normal   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
mfefire.exe          260 Normal   C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
Explorer.EXE         428 Normal   C:\WINDOWS\Explorer.EXE
CTHELPER.EXE         952 Normal   C:\WINDOWS\CTHELPER.EXE
IntelMEM.exe         972 Normal   C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
DVDLauncher.exe      996 Normal   C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
CTDVDDET.EXE        1024 Normal   C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
VolPanel.exe        1028 Normal   C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
DLLML.exe           1036 Normal   C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
tfswctrl.exe        1068 Normal   C:\WINDOWS\system32\dla\tfswctrl.exe
issch.exe           1056 Normal   C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
DMXLauncher.exe     1228 Normal   C:\Program Files\Dell\Media Experience\DMXLauncher.exe
mm_tray.exe         1692 Normal   C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MediaDetect.exe      984 Normal   C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
AOLSP Scheduler.exe     1848 Normal   C:\Program Files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
GoogleDesktop.exe      264 Normal   C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
sprtcmd.exe          292 Normal   C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
sprtcmd.exe          364 Normal   C:\Program Files\Dell Support Center\bin\sprtcmd.exe
jusched.exe          480 Normal   C:\Program Files\Java\jre6\bin\jusched.exe
mcagent.exe          524 Normal   C:\Program Files\McAfee.com\Agent\mcagent.exe
DSAgnt.exe           460 Below Normal C:\Program Files\DellSupport\DSAgnt.exe
SSScheduler.exe      848 Normal   C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
pnagent.exe          208 Normal   C:\Program Files\Citrix\ICA Client\pnagent.exe
mss.exe             3052 Normal   I:\mss.exe
cmd.exe             3076 Normal   C:\WINDOWS\system32\cmd.exe
pv.exe              3112 Normal   I:\pv.exe
 
 
User Profile check
 
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings
    DefaultUserProfile   REG_SZ   Default User
    AllUsersProfile   REG_SZ   All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags   REG_DWORD   0xc
    State   REG_DWORD   0x0
    RefCount   REG_DWORD   0x1
    Sid   REG_BINARY   010100000000000512000000
    ProfileImagePath   REG_EXPAND_SZ   %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\LocalService
    Sid   REG_BINARY   010100000000000513000000
    Flags   REG_DWORD   0x9
    State   REG_DWORD   0x0
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x944018ec
    ProfileLoadTimeHigh   REG_DWORD   0x1cb352e
    RefCount   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\NetworkService
    Sid   REG_BINARY   010100000000000514000000
    Flags   REG_DWORD   0x9
    State   REG_DWORD   0x0
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x4f5a63d0
    ProfileLoadTimeHigh   REG_DWORD   0x1cb352f
    RefCount   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-1007
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Paul Donovan
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4EF030000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x7bc0e980
    ProfileLoadTimeHigh   REG_DWORD   0x1cb1941
    RefCount   REG_DWORD   0x0
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-1008
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Susan Donovan
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4F0030000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x3665f8ea
    ProfileLoadTimeHigh   REG_DWORD   0x1cb0fb3
    RefCount   REG_DWORD   0x0
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-1009
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Kendra Donovan
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4F1030000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x34423b66
    ProfileLoadTimeHigh   REG_DWORD   0x1cac2bd
    RefCount   REG_DWORD   0x0
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-1010
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Timothy Donovan
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4F2030000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x9f790a8e
    ProfileLoadTimeHigh   REG_DWORD   0x1cb352e
    RefCount   REG_DWORD   0x1
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-1011
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Stefani Donovan
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4F3030000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0xf2e5c196
    ProfileLoadTimeHigh   REG_DWORD   0x1cae720
    RefCount   REG_DWORD   0x0
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2213691641-1270660180-3033463972-500
    ProfileImagePath   REG_EXPAND_SZ   %SystemDrive%\Documents and Settings\Administrator
    Sid   REG_BINARY   010500000000000515000000F940F28354BCBC4BA4FCCEB4F4010000
    Flags   REG_DWORD   0x0
    State   REG_DWORD   0x100
    CentralProfile   REG_SZ   
    ProfileLoadTimeLow   REG_DWORD   0x2869acb8
    ProfileLoadTimeHigh   REG_DWORD   0x1cb1e05
    RefCount   REG_DWORD   0x0
    RunLogonScriptSync   REG_DWORD   0x0
    OptimizedLogonStatus   REG_DWORD   0xb
 
 
Current Scheduled Tasks
 
PATH: C:\Windows\Tasks
 
AppleSoftwareUpdate.job
Disk Cleanup.job
Google Software Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
Norton Security Scan for Timothy Donovan.job
desktop.ini
MP Scheduled Scan.job
SA.DAT
 
 
Windows Drivers and NT-Services
 
 Volume in drive C has no label.
 Volume Serial Number is 1049-3C69

 Directory of C:\Windows\System32\Drivers

 Volume in drive C has no label.
 Volume Serial Number is 1049-3C69

 Directory of C:\Windows\System32\Drivers

11/02/2000  01:10 AM           164,180 windrvr.sys
08/17/2001  02:12 PM           117,760 e100b325.sys
08/17/2001  02:47 PM            23,808 Dot4usb.sys
08/17/2001  02:47 PM             8,704 Dot4scan.sys
08/17/2001  02:47 PM            12,928 Dot4Prt.sys
08/17/2001  02:48 PM            12,160 mouhid.sys
08/17/2001  03:46 PM             6,400 enum1394.sys
08/17/2001  03:51 PM             3,328 pciide.sys
08/17/2001  03:51 PM             6,656 cmdide.sys
08/17/2001  03:51 PM             4,992 toside.sys
08/17/2001  03:51 PM             5,248 aliide.sys
08/17/2001  03:51 PM            14,848 asc3550.sys
08/17/2001  03:52 PM            23,552 ABP480N5.SYS
08/17/2001  03:52 PM            26,496 asc.sys
08/17/2001  03:52 PM            12,800 aha154x.sys
08/17/2001  03:52 PM            22,400 asc3350p.sys
08/17/2001  03:52 PM            12,032 amsint.sys
08/17/2001  03:52 PM             7,680 cd20xrnt.sys
08/17/2001  03:52 PM            14,976 cpqarray.sys
08/17/2001  03:52 PM            16,000 ini910u.sys
08/17/2001  03:52 PM            13,952 cbidf2k.sys
08/17/2001  03:52 PM            17,280 mraid35x.sys
08/17/2001  03:52 PM            14,720 dac960nt.sys
08/17/2001  03:52 PM           179,584 dac2w2k.sys
08/17/2001  03:52 PM            33,152 ql10wnt.sys
08/17/2001  03:52 PM            40,448 ql1240.sys
08/17/2001  03:52 PM            49,024 ql1280.sys
08/17/2001  03:52 PM            40,320 ql1080.sys
08/17/2001  03:52 PM            45,312 ql12160.sys
08/17/2001  03:52 PM            36,736 ultra.sys
08/17/2001  03:52 PM           125,056 ftdisk.sys
08/17/2001  03:57 PM            16,128 MODEMCSA.sys
08/17/2001  03:59 PM             3,072 audstub.sys
08/17/2001  04:07 PM           101,888 adpu160m.sys
08/17/2001  04:07 PM            16,256 symc810.sys
08/17/2001  04:07 PM            55,168 aic78u2.sys
08/17/2001  04:07 PM            32,640 symc8xx.sys
08/17/2001  04:07 PM            56,960 aic78xx.sys
08/17/2001  04:07 PM            27,296 perc2.sys
08/17/2001  04:07 PM            28,384 sym_hi.sys
08/17/2001  04:07 PM             5,504 perc2hib.sys
08/17/2001  04:07 PM            30,688 sym_u3.sys
08/17/2001  04:07 PM            25,952 hpn.sys
08/17/2001  04:07 PM            20,192 dpti2o.sys
08/17/2001  04:07 PM            19,072 sparrow.sys
05/24/2002  02:33 AM            16,016 hpoipr07.sys
12/30/2002  06:53 PM            12,160 CTGAME.SYS
01/10/2003  05:13 PM            33,588 wanatw4.sys
03/06/2004  06:13 AM            37,048 mohfilt.sys
03/06/2004  06:14 AM         1,233,525 IntelC51.sys
03/06/2004  06:15 AM           647,929 IntelC52.sys
06/16/2004  05:52 AM            61,157 IntelC53.sys
07/14/2004  01:28 PM            23,545 ssrtln.sys
07/14/2004  01:29 PM             5,627 sscdbhk5.sys
07/17/2004  11:35 AM            67,866 netwlan5.img
07/17/2004  11:36 AM            64,352 ativmc20.cod
07/17/2004  10:55 PM           129,045 cxthsfs2.cty
08/03/2004  10:29 PM           701,440 ati2mtag.sys
08/03/2004  10:29 PM            57,856 atinbtxx.sys
08/03/2004  10:29 PM           327,040 ati2mtaa.sys
08/03/2004  10:29 PM            52,224 atinraxx.sys
08/03/2004  10:29 PM            14,336 atinpdxx.sys
08/03/2004  10:29 PM            13,824 atinmdxx.sys
08/03/2004  10:29 PM            56,623 ati1btxx.sys
08/03/2004  10:29 PM            12,047 ati1pdxx.sys
08/03/2004  10:29 PM            11,615 ati1mdxx.sys
08/03/2004  10:29 PM            13,824 atinttxx.sys
08/03/2004  10:29 PM            30,671 ati1raxx.sys
08/03/2004  10:29 PM           104,960 atinrvxx.sys
08/03/2004  10:29 PM            63,663 ati1rvxx.sys
08/03/2004  10:29 PM            36,463 ati1tuxx.sys
08/03/2004  10:29 PM            29,455 ati1xbxx.sys
08/03/2004  10:29 PM            63,488 atinxsxx.sys
08/03/2004  10:29 PM            31,744 atinxbxx.sys
08/03/2004  10:29 PM            26,367 ati1snxx.sys
08/03/2004  10:29 PM            28,672 atinsnxx.sys
08/03/2004  10:29 PM            21,343 ati1ttxx.sys
08/03/2004  10:29 PM            34,735 ati1xsxx.sys
08/03/2004  10:29 PM            73,216 atintuxx.sys
08/03/2004  10:29 PM           452,736 mtxparhm.sys
08/03/2004  10:29 PM            11,807 wadv07nt.sys
08/03/2004  10:29 PM            11,295 wadv08nt.sys
08/03/2004  10:29 PM            11,935 wadv11nt.sys
08/03/2004  10:29 PM            11,871 wadv09nt.sys
08/03/2004  10:29 PM            22,271 watv06nt.sys
08/03/2004  10:29 PM            25,471 watv10nt.sys
08/03/2004  10:29 PM           166,912 s3gnbm.sys
08/03/2004  10:41 PM         1,309,184 mtlstrm.sys
08/03/2004  10:41 PM           126,686 mtlmnt5.sys
08/03/2004  10:41 PM            13,776 recagent.sys
08/03/2004  10:41 PM           180,360 ntmtlfax.sys
08/03/2004  10:41 PM           129,535 slnt7554.sys
08/03/2004  10:41 PM           404,990 slntamr.sys
08/03/2004  10:41 PM            95,424 slnthal.sys
08/03/2004  10:41 PM            13,240 slwdmsup.sys
08/03/2004  10:41 PM           220,032 hsfbs2s2.sys
08/03/2004  10:41 PM           685,056 hsfcxts2.sys
08/03/2004  10:41 PM            11,868 mdmxsdk.sys
08/03/2004  10:41 PM         1,041,536 hsfdpsp2.sys
08/04/2004  07:00 AM            14,592 smclib.sys
08/04/2004  07:00 AM             4,224 mnmdd.sys
08/04/2004  07:00 AM           352,256 atmuni.sys
08/04/2004  07:00 AM            31,360 atmepvc.sys
08/04/2004  07:00 AM            11,776 cpqdap01.sys
08/04/2004  07:00 AM             4,736 usbd.sys
08/04/2004  07:00 AM           262,528 cinemst2.sys
08/04/2004  07:00 AM            17,792 ptilink.sys
08/04/2004  07:00 AM             6,784 parvdm.sys
08/04/2004  07:00 AM             3,456 oprghdlr.sys
08/04/2004  07:00 AM            55,936 nwlnkspx.sys
08/04/2004  07:00 AM             5,888 dmload.sys
08/04/2004  07:00 AM            63,232 nwlnknb.sys
08/04/2004  07:00 AM            32,512 nwlnkfwd.sys
08/04/2004  07:00 AM            21,376 tsbvcap.sys
08/04/2004  07:00 AM            18,688 cdaudio.sys
08/04/2004  07:00 AM            51,712 tosdvd.sys
08/04/2004  07:00 AM             4,352 wmilib.sys
08/04/2004  07:00 AM            12,416 nwlnkflt.sys
08/04/2004  07:00 AM             7,680 mcd.sys
08/04/2004  07:00 AM             8,832 rasacd.sys
08/04/2004  07:00 AM            16,512 raspti.sys
08/04/2004  07:00 AM            10,496 dxapi.sys
08/04/2004  07:00 AM            34,432 rawwan.sys
08/04/2004  07:00 AM             3,328 dxgthk.sys
08/04/2004  07:00 AM            11,648 acpiec.sys
08/04/2004  07:00 AM             4,224 rdpcdd.sys
08/04/2004  07:00 AM            12,032 rio8drv.sys
08/04/2004  07:00 AM            12,032 ws2ifsl.sys
08/04/2004  07:00 AM             4,224 beep.sys
08/04/2004  07:00 AM            12,032 riodrv.sys
08/04/2004  07:00 AM            12,032 nikedrv.sys
08/04/2004  07:00 AM             5,888 rootmdm.sys
08/04/2004  07:00 AM               646 gmreadme.txt
08/04/2004  07:00 AM            12,160 fsvga.sys
08/04/2004  07:00 AM             7,936 fs_rec.sys
08/04/2004  07:00 AM            58,112 vdmindvd.sys
08/04/2004  07:00 AM         3,440,660 gm.dls
08/04/2004  07:00 AM             2,944 null.sys
08/04/2004  07:00 AM            32,896 ipfltdrv.sys
08/11/2004  07:02 PM    <DIR>          disdn
09/29/2004  02:02 AM            16,752 ctpdusb2.sys
11/23/2004  04:56 AM            40,480 drvnddm.sys
12/01/2004  05:22 AM            87,488 drvmcdb.sys
12/18/2004  08:32 PM            38,229 StMp3Rec.sys
07/09/2005  01:57 AM         3,198,304 nv4_mini.sys
07/14/2005  12:18 AM           340,704 ctdvda2k.sys
07/20/2005  04:59 AM            93,440 nvatabus.sys
07/20/2005  04:59 AM            76,544 nvraid.sys
07/27/2005  12:48 AM           209,920 nvsnpu.sys
07/27/2005  12:48 AM           283,136 nvnrm.sys
07/27/2005  12:48 AM           101,120 nvtcp.sys
07/27/2005  12:48 AM            33,664 NVENETFD.sys
07/27/2005  12:48 AM            12,928 nvnetbus.sys
08/08/2005  08:54 PM           501,760 ctac32k.sys
08/08/2005  08:54 PM            77,824 emupia2k.sys
08/08/2005  08:54 PM           142,848 ctsfm2k.sys
08/08/2005  08:54 PM           114,688 ctoss2k.sys
08/08/2005  08:54 PM           751,104 ha10kx2k.sys
08/08/2005  08:54 PM           178,688 haP17v2k.sys
08/08/2005  08:54 PM           153,088 haP16v2k.sys
08/08/2005  08:54 PM         1,093,632 ha20x2k.sys
08/08/2005  08:54 PM           439,424 ctaud2k.sys
08/08/2005  08:54 PM             7,168 ctprxy2k.sys
08/08/2005  09:15 PM             9,216 pfmodnt.sys
10/07/2005  07:58 PM            44,224 BVRPMPR5.SYS
12/13/2005  08:09 AM             6,552 1028_Dell_XPS_600.mrk
09/28/2006  06:55 PM            77,568 WudfPf.sys
09/28/2006  07:00 PM            82,944 WudfRd.sys
10/18/2006  03:00 AM             2,432 cdr4_xp.sys
10/18/2006  03:00 AM             2,560 cdralw2k.sys
10/18/2006  08:00 PM            38,528 wpdusb.sys
05/19/2007  11:04 PM    <DIR>          UMDF
10/11/2007  07:20 AM            24,960 atwpkt2.sys
10/11/2007  07:20 AM            33,384 atwpkt264.sys
11/13/2007  06:25 AM            20,480 secdrv.sys
04/13/2008  12:36 PM           144,384 hdaudbus.sys
04/13/2008  12:39 PM           142,592 aec.sys
04/13/2008  01:40 PM            36,352 disk.sys
04/13/2008  01:45 PM            26,368 USBSTOR.SYS
04/13/2008  02:31 PM            35,840 processr.sys
04/13/2008  02:31 PM            42,752 p3.sys
04/13/2008  02:31 PM            37,376 amdk6.sys
04/13/2008  02:31 PM            36,352 intelppm.sys
04/13/2008  02:31 PM            36,736 crusoe.sys
04/13/2008  02:31 PM            37,760 amdk7.sys
04/13/2008  02:32 PM            66,048 udfs.sys
04/13/2008  02:32 PM            19,072 msfs.sys
04/13/2008  02:32 PM            30,848 npfs.sys
04/13/2008  02:32 PM           180,608 mrxdav.sys
04/13/2008  02:32 PM           196,224 rdpdr.sys
04/13/2008  02:32 PM           129,792 fltmgr.sys
04/13/2008  02:33 PM            44,544 fips.sys
04/13/2008  02:34 PM           163,584 nwrdr.sys
04/13/2008  02:36 PM             5,888 smbali.sys
04/13/2008  02:36 PM           187,776 acpi.sys
04/13/2008  02:36 PM            42,368 agp440.sys
04/13/2008  02:36 PM            42,752 alim1541.sys
04/13/2008  02:36 PM            40,960 sisagp.sys
04/13/2008  02:36 PM            43,008 amdagp.sys
04/13/2008  02:36 PM            44,928 agpcpq.sys
04/13/2008  02:36 PM            44,672 uagp35.sys
04/13/2008  02:36 PM            42,240 viaagp.sys
04/13/2008  02:36 PM            46,464 gagp30kx.sys
04/13/2008  02:36 PM            37,248 isapnp.sys
04/13/2008  02:36 PM            63,744 mf.sys
04/13/2008  02:36 PM           120,192 pcmcia.sys
04/13/2008  02:36 PM            68,224 pci.sys
04/13/2008  02:36 PM            79,232 sdbus.sys
04/13/2008  02:36 PM            15,488 mssmbios.sys
04/13/2008  02:36 PM            73,472 sr.sys
04/13/2008  02:38 PM            71,168 dxg.sys
04/13/2008  02:39 PM            42,368 mountmgr.sys
04/13/2008  02:39 PM           206,976 dot4.sys
04/13/2008  02:39 PM           384,768 update.sys
04/13/2008  02:39 PM            24,576 kbdclass.sys
04/13/2008  02:39 PM            23,040 mouclass.sys
04/13/2008  02:39 PM            14,592 kbdhid.sys
04/13/2008  02:39 PM             5,376 mspclock.sys
04/13/2008  02:39 PM             4,992 mspqm.sys
04/13/2008  02:39 PM             7,552 mskssrv.sys
04/13/2008  02:39 PM             4,352 swenum.sys
04/13/2008  02:40 PM            80,128 parport.sys
04/13/2008  02:40 PM            15,744 serenum.sys
04/13/2008  02:40 PM            27,392 fdc.sys
04/13/2008  02:40 PM            20,480 flpydisk.sys
04/13/2008  02:40 PM            57,600 redbook.sys
04/13/2008  02:40 PM             5,504 intelide.sys
04/13/2008  02:40 PM            24,960 pciidex.sys
04/13/2008  02:40 PM            96,384 scsiport.sys
04/13/2008  02:40 PM            96,512 atapi.sys
04/13/2008  02:40 PM             5,376 viaide.sys
04/13/2008  02:40 PM            14,208 diskdump.sys
04/13/2008  02:40 PM            62,976 cdrom.sys
04/13/2008  02:40 PM            11,008 sffp_sd.sys
04/13/2008  02:40 PM            11,904 sffdisk.sys
04/13/2008  02:40 PM            10,240 sffp_mmc.sys
04/13/2008  02:40 PM            11,392 sfloppy.sys
04/13/2008  02:40 PM            19,712 partmgr.sys
04/13/2008  02:40 PM            14,976 tape.sys
04/13/2008  02:40 PM            42,112 imapi.sys
04/13/2008  02:41 PM            52,352 volsnap.sys
04/13/2008  02:41 PM             8,576 i2omgmt.sys
04/13/2008  02:41 PM            18,560 i2omp.sys
04/13/2008  02:43 PM            14,208 wacompen.sys
04/13/2008  02:43 PM            12,672 mutohpen.sys
04/13/2008  02:44 PM            81,664 videoprt.sys
04/13/2008  02:44 PM            20,992 vga.sys
04/13/2008  02:44 PM           153,344 dmio.sys
04/13/2008  02:44 PM           799,744 dmboot.sys
04/13/2008  02:45 PM            52,864 dmusic.sys
04/13/2008  02:45 PM             6,272 splitter.sys
04/13/2008  02:45 PM           172,416 kmixer.sys
04/13/2008  02:45 PM            56,576 swmidi.sys
04/13/2008  02:45 PM             2,944 drmkaud.sys
04/13/2008  02:45 PM            60,160 drmk.sys
04/13/2008  02:45 PM            49,408 stream.sys
04/13/2008  02:45 PM            24,960 hidparse.sys
04/13/2008  02:45 PM            19,200 hidir.sys
04/13/2008  02:45 PM            36,864 hidclass.sys
04/13/2008  02:45 PM            10,368 hidusb.sys
04/13/2008  02:45 PM            15,104 usbscan.sys
04/13/2008  02:45 PM            46,592 irbus.sys
04/13/2008  02:45 PM            17,152 usbohci.sys
04/13/2008  02:45 PM            20,608 usbuhci.sys
04/13/2008  02:45 PM            30,208 usbehci.sys
04/13/2008  02:45 PM           143,872 usbport.sys
04/13/2008  02:45 PM            59,520 usbhub.sys
04/13/2008  02:45 PM            32,128 usbccgp.sys
04/13/2008  02:45 PM            25,600 usbcamd.sys
04/13/2008  02:45 PM            25,728 usbcamd2.sys
04/13/2008  02:45 PM            15,872 usbintel.sys
04/13/2008  02:46 PM            25,344 sonydcam.sys
04/13/2008  02:46 PM            53,376 1394bus.sys
04/13/2008  02:46 PM            61,696 ohci1394.sys
04/13/2008  02:46 PM           121,984 usbvideo.sys
04/13/2008  02:46 PM            18,944 bthusb.sys
04/13/2008  02:46 PM            25,600 hidbth.sys
04/13/2008  02:46 PM            36,480 bthprint.sys
04/13/2008  02:46 PM            59,136 rfcomm.sys
04/13/2008  02:46 PM            17,024 bthenum.sys
04/13/2008  02:46 PM            37,888 bthmodem.sys
04/13/2008  02:51 PM            59,904 atmarpc.sys
04/13/2008  02:51 PM            60,800 arp1394.sys
04/13/2008  02:51 PM            61,824 nic1394.sys
04/13/2008  02:51 PM            55,808 atmlane.sys
04/13/2008  02:51 PM           101,120 bthpan.sys
04/13/2008  02:53 PM            40,320 nmnt.sys
04/13/2008  02:53 PM            71,552 bridge.sys
04/13/2008  02:53 PM            36,608 ip6fw.sys
04/13/2008  02:54 PM            11,264 irenum.sys
04/13/2008  02:55 PM            14,592 ndisuio.sys
04/13/2008  02:56 PM            12,288 tunmp.sys
04/13/2008  02:56 PM            34,688 netbios.sys
04/13/2008  02:56 PM            88,320 nwlnkipx.sys
04/13/2008  02:56 PM            35,072 msgpc.sys
04/13/2008  02:56 PM            69,120 psched.sys
04/13/2008  02:56 PM            30,592 rndismpx.sys
04/13/2008  02:56 PM            30,592 rndismp.sys
04/13/2008  02:56 PM            12,800 usb8023x.sys
04/13/2008  02:56 PM            12,800 usb8023.sys
04/13/2008  02:57 PM            20,864 ipinip.sys
04/13/2008  02:57 PM           152,832 ipnat.sys
04/13/2008  02:57 PM            34,560 wanarp.sys
04/13/2008  02:57 PM            14,336 asyncmac.sys
04/13/2008  02:57 PM            10,112 ndistapi.sys
04/13/2008  02:57 PM            40,576 ndproxy.sys
04/13/2008  02:57 PM            41,472 raspppoe.sys
04/13/2008  03:00 PM            19,072 tdi.sys
04/13/2008  03:00 PM            30,080 modem.sys
04/13/2008  03:14 PM            63,744 cdfs.sys
04/13/2008  03:14 PM           143,744 fastfat.sys
04/13/2008  03:15 PM            64,512 serial.sys
04/13/2008  03:15 PM           574,976 ntfs.sys
04/13/2008  03:15 PM            60,800 sysaudio.sys
04/13/2008  03:16 PM            49,536 classpnp.sys
04/13/2008  03:16 PM           141,056 ks.sys
04/13/2008  03:17 PM           105,344 mup.sys
04/13/2008  03:17 PM            83,072 wdmaud.sys
04/13/2008  03:18 PM            52,480 i8042prt.sys
04/13/2008  03:19 PM           146,048 portcls.sys
04/13/2008  03:19 PM            75,264 ipsec.sys
04/13/2008  03:19 PM            51,328 rasl2tp.sys
04/13/2008  03:19 PM            48,384 raspptp.sys
04/13/2008  03:20 PM           182,656 ndis.sys
04/13/2008  03:20 PM            91,520 ndiswan.sys
04/13/2008  03:21 PM           162,816 netbt.sys
04/13/2008  03:28 PM           175,744 rdbss.sys
04/13/2008  08:11 PM             3,135 adv08nt5.dll
04/13/2008  08:11 PM             3,775 adv11nt5.dll
04/13/2008  08:11 PM             3,711 adv09nt5.dll
04/13/2008  08:11 PM             3,967 adv02nt5.dll
04/13/2008  08:11 PM             3,647 adv07nt5.dll
04/13/2008  08:11 PM             4,255 adv01nt5.dll
04/13/2008  08:11 PM             3,615 adv05nt5.dll
04/13/2008  08:11 PM            11,359 atv02nt5.dll
04/13/2008  08:11 PM            15,423 ch7xxnt5.dll
04/13/2008  08:11 PM            14,143 atv06nt5.dll
04/13/2008  08:11 PM            25,471 atv04nt5.dll
04/13/2008  08:11 PM            17,279 atv10nt5.dll
04/13/2008  08:11 PM            21,183 atv01nt5.dll
04/13/2008  08:12 PM             3,901 siint5.dll
04/13/2008  08:12 PM            11,325 vchnt5.dll
04/13/2008  08:13 PM            40,840 termdd.sys
04/13/2008  08:13 PM            12,040 tdpipe.sys
04/13/2008  08:13 PM            21,896 tdtcp.sys
04/13/2008  08:13 PM           139,656 rdpwd.sys
05/08/2008  10:02 AM           203,136 rmcast.sys
06/13/2008  07:05 AM           272,128 bthport.sys
06/20/2008  07:51 AM           361,600 tcpip.sys
08/14/2008  06:04 AM           138,496 afd.sys
08/14/2008  08:57 AM            74,720 adfs.sys
11/20/2008  03:19 PM            43,872 pxhelp20.sys
05/18/2009  03:17 PM            26,600 GEARAspiWDM.sys
06/22/2009  07:48 AM            91,776 mqac.sys
06/24/2009  07:18 AM            92,928 ksecdd.sys
07/24/2009  03:02 PM    <DIR>          NSS
10/16/2009  02:33 AM            41,472 usbaapl.sys
10/20/2009  12:20 PM           265,728 http.sys
11/04/2009  05:53 PM            34,248 mferkdk.sys
11/04/2009  05:54 PM            40,552 mfesmfk.sys
12/03/2009  05:13 PM            19,160 mbam.sys
12/03/2009  05:14 PM            38,224 mbamswissarmy.sys
12/31/2009  12:50 PM           353,792 srv.sys
01/05/2010  06:04 PM            55,456 cfwids.sys
01/05/2010  06:04 PM            83,496 mferkdet.sys
01/05/2010  06:04 PM           312,584 mfefirek.sys
01/05/2010  06:04 PM           152,320 mfeavfk.sys
01/05/2010  06:04 PM           385,536 mfehidk.sys
01/05/2010  06:04 PM            95,568 mfeapfk.sys
01/05/2010  06:04 PM            82,952 mfetdi2k.sys
01/05/2010  06:04 PM            88,480 mfendisk.sys
01/05/2010  06:04 PM             9,344 mfeclnk.sys
01/05/2010  06:04 PM            51,688 mfebopk.sys
02/11/2010  08:02 AM           226,880 tcpip6.sys
02/24/2010  09:11 AM           455,680 mrxsmb.sys
07/12/2010  12:27 PM    <DIR>          etc
07/28/2010  10:22 PM    <DIR>          .
07/28/2010  10:22 PM    <DIR>          ..
             372 File(s)     37,961,609 bytes
               6 Dir(s)  100,070,232,064 bytes free
 
 
Stealth malware?
 
 
Internet Explorer
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
    Default_Page_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
    Search Page   REG_SZ   http://go.microsoft.com/fwlink/?LinkId=54896
    Enable_Disk_Cache   REG_SZ   yes
    Cache_Percent_of_Disk   REG_BINARY   0A000000
    Delete_Temp_Files_On_Exit   REG_SZ   yes
    Local Page   REG_EXPAND_SZ   %SystemRoot%\system32\blank.htm
    Anchor_Visitation_Horizon   REG_BINARY   01000000
    Use_Async_DNS   REG_SZ   yes
    Placeholder_Width   REG_BINARY   1A000000
    Placeholder_Height   REG_BINARY   1A000000
    Start Page   REG_SZ   http://www.yahoo.com
    CompanyName   REG_SZ   Microsoft Corporation
    Custom_Key   REG_SZ   MICROSO
    Wizard_Version   REG_SZ   6.0.2600.0000
    FullScreen   REG_SZ   no
    Default_Secondary_Page_URL   REG_MULTI_SZ   \0
    Extensions Off Page   REG_SZ   about:NoAdd-ons
    Security Risk Page   REG_SZ   about:SecurityRisk
    Check_Associations   REG_SZ   yes
    Search Bar   REG_SZ   http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent   REG_SZ   Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    IE5_UA_Backup_Flag   REG_SZ   5.0
    NoNetAutodial   REG_DWORD   0x0
    MigrateProxy   REG_DWORD   0x1
    EmailName   REG_SZ   IEUser@
    AutoConfigProxy   REG_SZ   wininet.dll
    MimeExclusionListForCache   REG_SZ   multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    WarnOnPost   REG_BINARY   01000000
    UseSchannelDirectly   REG_BINARY   01000000
    EnableHttp1_1   REG_DWORD   0x1
    PrivacyAdvanced   REG_DWORD   0x0
    EnableNegotiate   REG_DWORD   0x1
    ProxyEnable   REG_DWORD   0x0
    ProxyHttp1.1   REG_DWORD   0x0
    SyncMode5   REG_DWORD   0x4
    GlobalUserOffline   REG_DWORD   0x0
    PrivDiscUiShown   REG_DWORD   0x1
    WarnOnZoneCrossing   REG_DWORD   0x1
    ProxyOverride   REG_SZ   *.local
    EnableAutodial   REG_DWORD   0x0
    WarnonBadCertRecving   REG_DWORD   0x1
    WarnOnPostRedirect   REG_DWORD   0x0
    WarnOnHTTPSToHTTPRedirect   REG_DWORD   0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    NoUpdateCheck   REG_DWORD   0x1
    NoJITSetup   REG_DWORD   0x1
    Disable Script Debugger   REG_SZ   yes
    Show_ChannelBand   REG_SZ   No
    Anchor Underline   REG_SZ   yes
    Cache_Update_Frequency   REG_SZ   Once_Per_Session
    Display Inline Images   REG_SZ   yes
    Do404Search   REG_BINARY   01000000
    Local Page   REG_SZ   C:\WINDOWS\system32\blank.htm
    Save_Session_History_On_Exit   REG_SZ   no
    Show_FullURL   REG_SZ   no
    Show_StatusBar   REG_SZ   yes
    Show_ToolBar   REG_SZ   yes
    Show_URLinStatusBar   REG_SZ   yes
    Show_URLToolBar   REG_SZ   yes
    Start Page   REG_SZ   http://www.google.com/
    Use_DlgBox_Colors   REG_SZ   yes
    Search Page   REG_SZ   http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Use Search Asst   REG_SZ   no
    Use Custom Search URL   REG_BINARY   01000000
    FullScreen   REG_SZ   no
    Window_Placement   REG_BINARY   2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF580000003A0000006A030000C1020000
    Error Dlg Displayed On Every Error   REG_SZ   no
    Use FormSuggest   REG_SZ   no
    AddToFavoritesExpanded   REG_DWORD   0x0
    ShowedCheckBrowser   REG_SZ   Yes
    Check_Associations   REG_SZ   No
    NotifyDownloadComplete   REG_SZ   no
    CompatibilityFlags   REG_DWORD   0x9
    SearchMigrated   REG_DWORD   0x1
    RunOnceHasShown   REG_DWORD   0x1
    StatusBarWeb   REG_DWORD   0x0
    HistoryViewType   REG_BINARY   08006663030000000000
    HistoryTopNSitesView   REG_DWORD   0x14
    FormSuggest PW Ask   REG_SZ   no
    RunOnceComplete   REG_DWORD   0x1
    UseClearType   REG_SZ   yes

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
    SearchAssistant   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    CustomizeSearch   REG_SZ   http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    CustomSearch   REG_SZ   http://us.rd.yahoo.com/customize/ie/defaults/cs/ymj/*http://www.yahoo.com/ext/search/search.html

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   REG_SZ   
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}   REG_SZ   

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    {EF99BD32-C1FB-11D2-892F-0090271D4F88}   REG_BINARY   00
    {DE9C389F-3316-41A7-809B-AA305ED9D922}   REG_SZ   AOL Toolbar
    {61539ecd-cc67-4437-a03c-9aaccbd14326}   REG_SZ   AIM Toolbar
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}   REG_SZ   McAfee SiteAdvisor
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}   REG_BINARY   00

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar Search

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...
 
 
Security Center
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    FirstRunDisabled   REG_DWORD   0x1
    UpdatesDisableNotify   REG_DWORD   0x0
    AntiVirusOverride   REG_DWORD   0x0
    FirewallOverride   REG_DWORD   0x0
    AntiVirusDisableNotify   REG_DWORD   0x0
    FirewallDisableNotify   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall   REG_DWORD   0x0
    DoNotAllowExceptions   REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe   REG_SZ   %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe   REG_SZ   C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe   REG_SZ   C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    C:\Program Files\America Online 9.0\waol.exe   REG_SZ   C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
    C:\Program Files\Common Files\AOL\Loader\aolload.exe   REG_SZ   C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    C:\Program Files\Common Files\AOL\1144616972\ee\aolsoftware.exe   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\aolsoftware.exe:*:Enabled:AOL Services
    C:\Program Files\Common Files\AOL\1144616972\ee\aim6.exe   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\aim6.exe:*:Enabled:AIM
    C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe   REG_SZ   C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
    C:\Program Files\Common Files\AOL\1144616972\ee\AOLOpenRide.exe   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\AOLOpenRide.exe:*:Enabled:AOL OpenRide
    %windir%\Network Diagnostic\xpnetdiag.exe   REG_SZ   %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\AOL 9.1\waol.exe   REG_SZ   C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
    C:\Program Files\Common Files\AOL\System Information\sinf.exe   REG_SZ   C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information
    C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe   REG_SZ   C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0
    C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe   REG_SZ   C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe   REG_SZ   C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server
    C:\Program Files\Bonjour\mDNSResponder.exe   REG_SZ   C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
    C:\Program Files\iTunes\iTunes.exe   REG_SZ   C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe   REG_SZ   C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 05, 2010, 10:16:44 PM
Uninstall List
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    AOL Connectivity Services   REG_SZ   
    DisplayName   REG_SZ   
    UninstallString   REG_SZ   C:\Program Files\TurboTax\Home & Business 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
    DisplayIcon   REG_SZ   C:\Program Files\TurboTax\Home & Business 2009\Installer\TurboTax 2009 Installer.exe
    Publisher   REG_SZ   Intuit, Inc
    URLInfoAbout   REG_SZ   www.turbotax.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3DMIDI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\989E4C3B-B2C9-4486-9A09-D5A8F953837C

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe_faf656ef605427ee2f42989c3ad31b8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIMTunes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Diagnostics_N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL One-click Fix service_N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOL Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOLCoach

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AOLOCP_N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioCS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Autodesk Express Viewer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BellsouthHelpCenter4_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\C2D8F0E2-6978-4409-8351-BA8785DA11EE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CADI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio Creation Mode Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio Device Selection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Console Launcher Component

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Entertainment Mode Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Game Mode Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CREATIVE KARAOKE PLAYER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource DVD-Audio Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Go!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource MiniDisc Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Music Store Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Speaker Connection Wizard

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Volume Panel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell File Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Game Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics 4_5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dlatray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Realms Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Updater

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Grand Fantasia

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hp officejet k series 1134860852

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Printing Software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ijjiSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Intel(R) 537EP V9x DF PCI Modem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884267

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB885353

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB886612

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887078

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB887626

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB888656

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB889858

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB891122

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892313

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893240

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893241

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895181

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895316

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB895572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB897586

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898458

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB898549

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB900399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB902344

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB907658

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911564

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911565

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB911854

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923689

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB923723

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928090-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929399

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB929969

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB931768-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB938464

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939653-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB939683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB941569

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB942615-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB944533-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB946648

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB947864-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950759-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950760

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950762

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB950974

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951066

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951072-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951376-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951698

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB951978

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952069_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952287

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB952954

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953838-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB953839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954154_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954155_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954211

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954550-v5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB954600

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955069

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955759

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB955839

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956390-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956391

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956572

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956744

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956802

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956841

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB956844

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957095

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB957097

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958215-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958644

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958690

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB958869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959426

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB959772_WM11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960225

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960714-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960803

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB960859

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961118

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961371

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961373

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB961501

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB963027-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB967715

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968389

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968537

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968816_WM9

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969059

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969897-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969898

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB969947

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970238

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970430

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB970653-v3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971486

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971557

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971633

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971657

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971737

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB971961

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972260-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB972270

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973346

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973354

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973507

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973525

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973540_WM9L

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973687

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973815

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973869

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB973904

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974112

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974318

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974392

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974455-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB974571

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975025

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975467

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975560

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975561

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB975713

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976098-v2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976325-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB976749-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977165

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977816

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB977914

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978037

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978207-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978251

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978262

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978338

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978601

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB978706

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979306

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB979683

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980182-IE7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB980232

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB981349

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M953297

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1  (1033)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 3.5 SP1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mode Switcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (3.6.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSNINST

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSVC9RT Redist package_N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\On Screen Display

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PATTERSON CAD LT Update OCTOBER 2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PATTERSON LT Update FEBRUARY 2006

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoRecord

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plaxo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadialpointClientGateway_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 12.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFBM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Recorder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snood_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster X-Fi

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster X-Fi Windows Drivers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SSC Uninstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\THX_Console

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax 2008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TurboTax 2009

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vienna SoundFont Studio

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wmp11

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\X-Fi Splash

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xfire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63C24A08-70F3-4C8E-B9FB-9F21A903801D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{66563AD8-637B-407F-BCA7-0233A16891AB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{666CF041-77BE-414E-9A9D-0A227E9B48F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67F0E67A-8E93-4C2C-B29D-47C48262738A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68243FF8-83CA-466B-B2B8-9F99DA5479C4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BF90A01-FA3F-42B9-A071-7D744409967E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E179C77-7335-458D-9537-4F4EAC0181ED}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{700932B3-A964-4878-82A2-96054622A1F7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73919E2B-725C-4FAA-8473-45E063A3575F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{748F4870-8350-11D3-B0BF-080009FB4A19}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7570F1CA-016D-46AC-B586-CD74645EFB52}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76BC2442-0002-47FA-9617-43BAD82BEF4C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{77A18A93-FD9B-4069-BC9A-0D63C6E6013C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A3F0566-5E05-4919-9C98-456F6B5CF831}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83877DB1-8B77-45BC-AB43-2BAC22E093E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{84F573D3-0F71-4768-978A-D35310E3FBA6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{85D3CC30-8859-481A-9654-FD9B74310BEF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{88214092-836F-4E22-A5AC-569AC9EE6A0F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A9B8148-DDD7-448F-BD6C-358386D32354}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B026740-A400-48FF-8F6B-B37C4F61C937}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{901F8ED7-13E8-43EF-B738-2FE89B0588EB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91CA0409-6000-11D3-8CFE-0150048383C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{931AB7EA-3656-4BB7-864D-022B09E3DD67}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9866841D-FAE6-4F1B-8FF5-7E18291F5925}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{996A2FAA-7514-4628-9D12-A8FC34A0016E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9E5A03E3-6246-4920-9630-0527D5DA9B07}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1D0D14A-B776-4907-BC00-5149F2298086}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.KB958483

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A683A2C0-821C-486F-858C-FA634DB5E864}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A91000000001}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B12665F4-4E93-4AB4-B7FC-37053B524629}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1DB1AD8-C07E-4052-81A1-D2930232BA70}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B23726CF-68BF-41A6-A4EB-72F12F87FE05}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B29AD377-CC12-490A-A480-1452337C618D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5AF6143-E738-4768-A5E6-C07C68A464A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5C3B892-0849-476C-9F46-B12F84819D57}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB4E33EC-8181-4685-96F7-8554293DEC6A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD57EA4D-026E-4F08-9B93-080E282B81FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB200003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB431780

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB946922

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB947748

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB949272

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952137

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB952677

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953300

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB953990

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB954832

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB956860

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957541

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957542

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB957543

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958129

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB958481

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}.KB974417

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C229589D-CC1A-43FF-9507-CDED3AB85325}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4124E95-5061-4776-8D5D-E3D931C778E1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C52E3EC1-048C-45E1-8D53-10B0C6509683}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB99E420-8071-48F9-9567-4A53BE7569C4}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC60A7A1-B7E4-4CBC-833B-6ED7F3859884}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2988E9B-C73F-422C-AD4B-A66EBE257120}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D8A544F4-AC5F-4B67-9C74-F3E976798797}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D989BCC0-757C-4FB6-893C-512DF4382656}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DAAC5938-8026-4D0C-A476-D1954917B7F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4848436-0345-47E2-B648-8B522FCDA623}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E724E806-AA77-443C-95FF-274CE620D443}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7559288-223B-453C-9F06-340E3BE21E39}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F05A5232-CE5E-4274-AB27-44EB8105898D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E64E2E-3A60-40D8-A55D-92F6831875DA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F93C84A6-0DC6-42AF-89FA-776F7C377353}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB26A501-6BA6-459B-89AA-9736730752FB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCD9CD52-7222-4672-94A0-A722BA702FD0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SOE-Free Realms
 
 
Adobe Products
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
    DisplayName   REG_SZ   Adobe Flash Player 10 ActiveX
    DisplayVersion   REG_SZ   10.0.42.34
    Publisher   REG_SZ   Adobe Systems Incorporated
    URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
    VersionMajor   REG_SZ   10
    VersionMinor   REG_SZ   0
    HelpLink   REG_SZ   http://www.adobe.com/go/flashplayer_support/
    URLUpdateInfo   REG_SZ   http://www.adobe.com/go/flashplayer/
    DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    RequiresIESysFile   REG_SZ   4.70.0.1155
    NoModify   REG_DWORD   0x1
    NoRepair   REG_DWORD   0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin
    DisplayName   REG_SZ   Adobe Flash Player 10 Plugin
    DisplayVersion   REG_SZ   10.0.42.34
    Publisher   REG_SZ   Adobe Systems Incorporated
    URLInfoAbout   REG_SZ   http://www.adobe.com/go/getflashplayer
    DisplayIcon   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    UninstallString   REG_SZ   C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    NoModify   REG_DWORD   0x1
    NoRepair   REG_DWORD   0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
    DisplayName   REG_SZ   Adobe Shockwave Player 11.5
    UninstallString   REG_SZ   "C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
    DisplayVersion   REG_SZ   11.5.2.602
    Publisher   REG_SZ   Adobe Systems, Inc.
    URLInfoAbout   REG_SZ   http://www.adobe.com
    HelpLink   REG_SZ   http://www.adobe.com/support/shockwave
    URLUpdateInfo   REG_SZ   http://www.adobe.com/software/shockwaveplayer/index.html
    DisplayIcon   REG_SZ   C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe,0
    InstallLocation   REG_SZ   C:\WINDOWS\system32\Adobe
    VersionMajor   REG_DWORD   0xb
    VersionMinor   REG_DWORD   0x1
 
 
Autorun
 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    DellSupport   REG_SZ   "C:\Program Files\DellSupport\DSAgnt.exe" /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    NvCplDaemon   REG_SZ   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    CTHelper   REG_SZ   CTHELPER.EXE
    CTxfiHlp   REG_SZ   CTXFIHLP.EXE
    NVRaidService   REG_SZ   C:\WINDOWS\system32\nvraidservice.exe
    IntelMeM   REG_SZ   C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    DVDLauncher   REG_SZ   "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    CTDVDDET   REG_SZ   "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    VolPanel   REG_SZ   "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    AudioDrvEmulator   REG_SZ   "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    UpdReg   REG_SZ   C:\WINDOWS\UpdReg.EXE
    dla   REG_SZ   C:\WINDOWS\system32\dla\tfswctrl.exe
    ISUSPM Startup   REG_SZ   "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    ISUSScheduler   REG_SZ   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    DMXLauncher   REG_SZ   C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    MimBoot   REG_SZ   C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    MMTray   REG_SZ   "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    Share-to-Web Namespace Daemon   REG_SZ   C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    Corel Photo Downloader   REG_SZ   C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    BellSouthAlertManager.exe   REG_SZ   C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    HostManager   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\AOLSoftware.exe
    Windows Defender   REG_SZ   "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    AOLSPScheduler   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    sscRun   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\SSCRun.exe
    Google Desktop Search   REG_SZ   "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    HelpCenter   REG_SZ   C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe /P HelpCenter
    dscactivate   REG_SZ   "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    DellSupportCenter   REG_SZ   "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    AppleSyncNotifier   REG_SZ   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    Adobe Reader Speed Launcher   REG_SZ   "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    TkBellExe   REG_SZ   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    AdobeCS4ServiceManager   REG_SZ   "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    SunJavaUpdateSched   REG_SZ   "C:\Program Files\Java\jre6\bin\jusched.exe"
    QuickTime Task   REG_SZ   "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper   REG_SZ   "C:\Program Files\iTunes\iTunesHelper.exe"
    mcui_exe   REG_SZ   "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
 
 
Restrictions - Internet Explorer
 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
 
 
Restrictions - REGEDIT
 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
 
 
Restrictions - Explorer
 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun   REG_DWORD   0x143
    NoDriveAutoRun   REG_DWORD   0x3ffffff
    NoDrives   REG_DWORD   0x0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 05, 2010, 10:19:02 PM
DNS Settings
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E75456D-35F7-4B99-B69B-E82327605D31}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{20C0089B-83CD-459F-A585-60A736887628}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{484ECE02-AEBF-4B4B-91FA-EC75706C0090}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B259EDC0-B2CA-4A83-95EC-20E1BD2C4381}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA219350-B25F-4304-B0A7-CA6C15D25C3F}


Windows IP Configuration

        Host Name . . . . . . . . . . . . : HomeComputer
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : launchmodem.com
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-14-22-40-E8-B8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.1.254

 
 
AppInit DLLs
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

 
 
Shell Service Object Delay Load
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder   REG_SZ   {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn   REG_SZ   {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck   REG_SZ   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray   REG_SZ   {35CEC8A3-2BE6-11D2-8773-92E220524153}
    WPDShServiceObj   REG_SZ   {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
 
 
 
Shell Execute Hooks
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}   REG_SZ   Microsoft AntiMalware ShellExecuteHook
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}   REG_SZ   
 
 
Image File Execution Options
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
 
 
Security Providers
 
 
 
Local Security Authority
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages   REG_MULTI_SZ   msv1_0\0\0
    Bounds   REG_BINARY   0030000000200000
    Security Packages   REG_MULTI_SZ   kerberos\0msv1_0\0schannel\0wdigest\0\0
    ImpersonatePrivilegeUpgradeToolHasRun   REG_DWORD   0x1
    LsaPid   REG_DWORD   0x488
    SecureBoot   REG_DWORD   0x1
    auditbaseobjects   REG_DWORD   0x0
    crashonauditfail   REG_DWORD   0x0
    disabledomaincreds   REG_DWORD   0x0
    everyoneincludesanonymous   REG_DWORD   0x0
    fipsalgorithmpolicy   REG_DWORD   0x0
    forceguest   REG_DWORD   0x1
    fullprivilegeauditing   REG_BINARY   00
    limitblankpassworduse   REG_DWORD   0x1
    lmcompatibilitylevel   REG_DWORD   0x0
    nodefaultadminowner   REG_DWORD   0x1
    nolmhash   REG_DWORD   0x0
    restrictanonymous   REG_DWORD   0x0
    restrictanonymoussam   REG_DWORD   0x1
    Notification Packages   REG_MULTI_SZ   scecli\0\0
    enabledcom   REG_SZ   y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
 
 
AppCert DLLs
 
 
 
App Paths
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\3DMidi.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\3DMIDI Player
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\3DMIDI Player\3DMidi.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\7zFM.exe
    <NO NAME>   REG_SZ   C:\Program Files\7-Zip\7zFM.exe
    Path   REG_SZ   C:\Program Files\7-Zip

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
    Path   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\
    <NO NAME>   REG_SZ   C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Aol.exe
    <NO NAME>   REG_SZ   C:\Program Files\AOL 9.1\Aol.exe
    Path   REG_SZ   C:\Program Files\AOL 9.1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\aolacsd.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\ACS\aolacsd.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\aolavupd.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\aoldial.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\ACS\aoldial.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AOLLaunch.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AudioCvt.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Wizard\AudioCvt\AudioCvt.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\awapi4.dll
    Path   REG_SZ   C:\Program Files\AnswerWorks 4.0 English Runtime
    <NO NAME>   REG_SZ   C:\Program Files\AnswerWorks 4.0 English Runtime\awApi4.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bckgzm.exe
    <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\bridge.exe
    <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Bridge CS4\bridge.exe
    Path   REG_SZ   C:\Program Files\Adobe\Adobe Bridge CS4

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C:\Modem Performance Monitor

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C:\Modem Performance Monitor\Modem Event Monitor

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C:\Modem Performance Monitor\Modem Event Monitor\Release

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\C:\Modem Performance Monitor\Modem Event Monitor\Release\ModemEventMonitor.exe
    Path   REG_SZ   C:\Program Files\Intel\Modem Event Monitor
    <NO NAME>   REG_SZ   C:\Program Files\Intel\Modem Event Monitor\C:\Modem Performance Monitor\Modem Event Monitor\Release\ModemEventMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
    <NO NAME>   REG_SZ   C:\Program Files\CCleaner\ccleaner.exe
    Path   REG_SZ   C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chkrzm.exe
    <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
    ProfilesUpgraded   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\combofix.exe
    <NO NAME>   REG_SZ   I:\ComboFix.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CONF.EXE
    <NO NAME>   REG_SZ   C:\Program Files\NetMeeting\conf.exe
    Path   REG_SZ   C:\Program Files\NetMeeting;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ConsoLC.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLC.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTAudCS.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTAudSel.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Audio Device Selection
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Audio Device Selection\CTAudSel.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Ctcadi.dll
    Path   REG_SZ   C:\Program Files\Creative\ShareDLL\CADI
    <NO NAME>   REG_SZ   C:\Program Files\Creative\ShareDLL\CADI\Ctcadi.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTCDCov.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Wizard\CDCover2\CTCDCov.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTCMS.exe
    Path   REG_SZ   C:\Program Files\Creative\MediaSource;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\CTCMS.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTCMSGo.exe
    Path   REG_SZ   C:\Program Files\Creative\MediaSource\Go;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTDetect.exe
    Path   REG_SZ   C:\Program Files\Creative\MediaSource\Detector;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTDVDA.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDA.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTDVDDET.EXE
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTEPLImp.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Wizard\Importplaylist\CTEPLImp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTImport.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Wizard\Import\CTImport.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTKar.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Karaoke Player\CTKar.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Karaoke Player;C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTMetAcq.EXE
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\Music Analyzer\CTMetAcq.EXE
    Path   REG_SZ   C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTOJBNS.dll
    Path   REG_SZ   C:\Program Files\Dell\Dell DJ Explorer
    <NO NAME>   REG_SZ   C:\Program Files\Dell\Dell DJ Explorer\CTOJBNS.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTQSWiz.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\MediaSource\Wizard\QuickStart\CTQSWiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTRegSvr.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\CTRegSvr.EXE
    Path   REG_SZ   C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTSpkWzd.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\SpeakerWizard;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\SpeakerWizard\CTSpkWzd.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTSUApp.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\CTSUApp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\CTWave32.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\WaveStudio
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\WaveStudio\CTWave32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\diagnos3.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Diagnostics
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Diagnostics\diagnos3.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dialer.exe
    <NO NAME>   REG_SZ   C:\Program Files\Windows NT\dialer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DLLML.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DMPw.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\X-Fi Splash
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\X-Fi Splash\DMPw.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DMX.exe
    Path   REG_SZ   C:\Program Files\Dell\Media Experience\
    <NO NAME>   REG_SZ   C:\Program Files\Dell\Media Experience\DMX.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE
    SaveURL   REG_SZ   1
    useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
    <NO NAME>   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe
    Path   REG_SZ   C:\Program Files\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HELPCTR.EXE
    <NO NAME>   REG_EXPAND_SZ   %Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpi_pdfGate.exe
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\Update\hpi_pdfGate.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\Update

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpi_print.exe
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\Photo Printing\hpi_print.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\Photo Printing

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpi_run.exe
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\Update\hpi_run.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\Update

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpi_upvm.exe
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\Update\bin\hpi_upvm.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\Update
    VM   REG_SZ   "C:\Program Files\Hewlett-Packard\Update\bin\hpi_upvm.exe" -cp .;hpi_swupd.jar;hpi_jutil.jar com.hp.photosmart.update.WizardApp
    Dir   REG_SZ   C:\Program Files\Hewlett-Packard\Update

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hrtzzm.exe
    <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hypertrm.exe
    <NO NAME>   REG_SZ   "C:\Program Files\Windows NT\hypertrm.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN1.EXE
    <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
    Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ICWCONN2.EXE
    <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
    Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
    <NO NAME>   REG_SZ   C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Path   REG_SZ   C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\INETWIZ.EXE
    <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\INETWIZ.EXE"
    Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
    RunAsOnNonAdminInstall   REG_DWORD   0x1
    BlockOnTSNonInstallMode   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\InstallHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ActiveUtils.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\ActiveUtils.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ActiveUtils.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BellSouthBrowser.exe
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\BellSouthBrowser.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BellSouthBrowser.exe\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BJAXSecurityManager.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\BJAXSecurityManager.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BJAXSecurityManager.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BJIPAddr.vxd
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\BJIPAddr.vxd"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\BJIPAddr.vxd\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\Browser.js
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\Browser.js"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\Browser.js\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ConnectivityWatcher.js
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\ConnectivityWatcher.js"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ConnectivityWatcher.js\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\InstallHelper.exe
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\InstallHelper.exe"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\InstallHelper.exe\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciAppsLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciAppsX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciAppsX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciBootStrapper.exe
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciBootStrapper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciBootStrapper.exe\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciHTTPLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciHTTPLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciHTTPLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciHTTPX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciHTTPX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciHTTPX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciLogLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciLogLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciLogLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciLogX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciLogX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciLogX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciMTLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciMTLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciMTLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNDISLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciNDISLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNDISLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNetLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciNetLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNetLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNetX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciNetX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciNetX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSMX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSMX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSMX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysDialLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysDialLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysDialLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysDialX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysDialX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysDialX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysNetLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysNetLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysNetLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysNetX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysNetX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysNetX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciSysX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciSysX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciThunk16.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciThunk16.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciThunk16.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciThunk32Lib_1-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciThunk32Lib_1-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciThunk32Lib_1-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUpdateManagerX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciUpdateManagerX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUpdateManagerX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUtilsLib_4-0-0_DDR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciUtilsLib_4-0-0_DDR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUtilsLib_4-0-0_DDR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUtilsX.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\McciUtilsX.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\McciUtilsX.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MCCWrapper_DSR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MCCWrapper_DSR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MCCWrapper_DSR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR3.vxd
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MREMPR3.vxd"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR3.vxd\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR4.sys
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MREMPR4.sys"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR4.sys\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR5.sys
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MREMPR5.sys"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREMPR5.sys\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS3.vxd
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MRENDIS3.vxd"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS3.vxd\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS4.sys
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MRENDIS4.sys"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS4.sys\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS5.sys
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MRENDIS5.sys"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MRENDIS5.sys\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREW32N5_503-1658-1_DSR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\MREW32N5_503-1658-1_DSR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\MREW32N5_503-1658-1_DSR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\msvcr71.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\msvcr71.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\msvcr71.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent.html
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\ReportAgent.html"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent.html\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent.js
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\ReportAgent.js"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent.js\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent_Remove.html
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\ReportAgent_Remove.html"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\ReportAgent_Remove.html\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\RGWInterfaces_DSR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\RGWInterfaces_DSR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\RGWInterfaces_DSR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\RGWLib_2-1-0_DSR.dll
    Path   REG_SZ   "C:\Program Files\Common Files\Motive\RGWLib_2-1-0_DSR.dll"
    VendorNeutral   REG_SZ   "true"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\InstallHelper.exe\RGWLib_2-1-0_DSR.dll\BellSouth
    <NO NAME>   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IPHSend.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ISIGNUP.EXE
    <NO NAME>   REG_SZ   "C:\Program Files\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
    Path   REG_SZ   C:\Program Files\Internet Explorer\Connection Wizard;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
    <NO NAME>   REG_SZ   C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
    <NO NAME>   REG_SZ   C:\Program Files\Java\jre6\bin\javaws.exe
    Path   REG_SZ   C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
    <NO NAME>   REG_SZ   C:\PROGRA~1\MALWAR~1\BOBDOC~1.EXE
    Path   REG_SZ   C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MdSwitch.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher;C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\MdSwitch.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaHub.exe
    Path   REG_SZ   C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaManager.exe
    <NO NAME>   REG_SZ   C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe
    Path   REG_SZ   C:\Program Files\Sony\Media Manager for PSP\
    Version   REG_SZ   3.0.892

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\migwiz.exe
    <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\usmt\migwiz.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mmjb.exe
    Path   REG_SZ   C:\Program Files\Musicmatch\Musicmatch Jukebox
    <NO NAME>   REG_SZ   C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ModeAC.dll
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\AudioCreation\ModeAC.dll
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\AudioCreation

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ModeEntm.dll
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\Entertainment\ModeEntm.dll
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\Entertainment

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ModeGame.dll
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\Game\ModeGame.dll
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\Game

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MOH.exe
    Path   REG_SZ   C:\Program Files\Modem On Hold
    <NO NAME>   REG_SZ   C:\Program Files\Modem On Hold\MOH.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
    <NO NAME>   REG_SZ   C:\Program Files\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
    <NO NAME>   REG_SZ   "C:\Program Files\Windows Media Player\mplayer2.exe"
    Path   REG_SZ   "C:\Program Files\Windows Media Player"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSCONFIG.EXE
    <NO NAME>   REG_EXPAND_SZ   %systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
    <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\msimn.exe
    Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msinfo32.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.exe
    Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MSInfo

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSMSGS.EXE
    <NO NAME>   REG_SZ   C:\Program Files\Messenger\msmsgs.exe
    Path   REG_SZ   C:\Program Files\Messenger;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
    useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
    useURL   REG_SZ   1
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
    SaveURL   REG_SZ   1
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\MSPUB.EXE
    useURL   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mspview.exe
    Path   REG_SZ   C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\
    <NO NAME>   REG_SZ   C:\PROGRA~1\COMMON~1\MICROS~1\MODI\11.0\MSPVIEW.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MtdAcq.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD.exe
    Path   REG_SZ   C:\Program Files\Sonic\MyDVD\
    <NO NAME>   REG_SZ   C:\Program Files\Sonic\MyDVD\MyDVD.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\npsoe.dll
    <NO NAME>   REG_SZ   C:\Program Files\Sony Online Entertainment

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE
    SaveURL   REG_SZ   0
    useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PanelSvc.dll
    Path   REG_SZ   C:\Program Files\Creative\Shared Files\Module Loader\OSD
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\Module Loader\OSD\PanelSvc.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
    <NO NAME>   REG_EXPAND_SZ   %SystemRoot%\system32\mspaint.exe
    Path   REG_EXPAND_SZ   %SystemRoot%\system32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Photoshop.exe
    <NO NAME>   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
    Path   REG_SZ   C:\Program Files\Adobe\Adobe Photoshop CS4\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
    Path   REG_SZ   C:\Program Files\QuickTime\
    <NO NAME>   REG_SZ   C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pinball.exe
    <NO NAME>   REG_SZ   C:\Program Files\Windows NT\Pinball\pinball.exe
    Path   REG_SZ   C:\Program Files\Windows NT\Pinball

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD.exe
    Path   REG_SZ   C:\Program Files\CyberLink\PowerDVD
    <NO NAME>   REG_SZ   C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE
    SaveURL   REG_SZ   1
    useURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QBLaunch.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe
    Path   REG_SZ   C:\Program Files\Common Files\Intuit\QuickBooks

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
    <NO NAME>   REG_SZ   C:\Program Files\QuickTime\QuickTimePlayer.exe
    Path   REG_SZ   C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ReadIris.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\Readiris\
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\Readiris\readiris.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealConverter.exe
    <NO NAME>   REG_SZ   c:\program files\real\realplayer\converter\RealConverter.exe
    Path   REG_SZ   c:\program files\real\realplayer\converter

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\realplay.exe
    <NO NAME>   REG_SZ   C:\Program Files\Real\RealPlayer\realplay.exe
    Path   REG_SZ   C:\Program Files\Real\RealPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
    Path   REG_SZ   C:\Program Files\Common Files\Real\Update_OB\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Runes of Magic.exe
    <NO NAME>   REG_SZ   C:\Program Files\Runes of Magic\Runes of Magic.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rvsezm.exe
    <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\rvsezm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\schdpl32.exe
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\1033\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\1033\SCHDPL32.EXE

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
    RunAsOnNonAdminInstall   REG_DWORD   0x1
    BlockOnTSNonInstallMode   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sfbm.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\SFBM
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\SFBM\sfbm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Shar2Web.exe
    Path   REG_SZ   C:\Program Files\Hewlett-Packard\HP Share-to-Web
    <NO NAME>   REG_SZ   C:\Program Files\Hewlett-Packard\HP Share-to-Web\Shar2Web.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\shvlzm.exe
    <NO NAME>   REG_SZ   C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sinf.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\System Information\sinf.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SmartRec.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Smart Recorder\SmartRec.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Smart Recorder;C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\StartMS.exe
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
    UseShortName   REG_SZ   

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\THXConsole.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\THX Console
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\THX Console\THXConsole.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Vienna.exe
    Path   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Vienna;C:\Program Files\Creative\Shared Files;C:\Program Files\Creative\Shared Files\SkinData
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Vienna\Vienna.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VolPanel.exe
    Path   REG_SZ   C:\Program Files\Creative\Shared Files
    <NO NAME>   REG_SZ   C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
    <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wab.exe
    Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
    <NO NAME>   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express\wabmig.exe
    Path   REG_EXPAND_SZ   %ProgramFiles%\Outlook Express

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\winnt32.exe
    RunAsOnNonAdminInstall   REG_DWORD   0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinRAR.exe
    <NO NAME>   REG_SZ   C:\Program Files\WinRAR\WinRAR.exe
    Path   REG_SZ   C:\Program Files\WinRAR

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinsockFix.exe
    <NO NAME>   REG_SZ   C:\Program Files\Common Files\AOL\WinsockFix\en-US\WinsockFix.exe
    Path   REG_SZ   C:\Program Files\Common Files\AOL\1144616972\ee

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
    useURL   REG_SZ   1
    Path   REG_SZ   C:\Program Files\Microsoft Office\OFFICE11\
    <NO NAME>   REG_SZ   C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
    SaveURL   REG_SZ   1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
    <NO NAME>   REG_SZ   C:\Program Files\Windows Media Player\wmplayer.exe
    Path   REG_SZ   C:\Program Files\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
    <NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
    <NO NAME>   REG_EXPAND_SZ   "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\xfire.exe
    <NO NAME>   REG_SZ   C:\Program Files\Xfire\Xfire.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
    <NO NAME>   REG_SZ   "c:\WINDOWS\system32\XPSViewer\XPSViewer.exe"
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 05, 2010, 10:21:44 PM
Mozilla
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    {20a82645-c095-46ed-80e3-08825760534b}   REG_SZ   c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    {3112ca9c-de6d-4884-a869-9855de68056c}   REG_SZ   C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    {B7082FAA-CB62-4872-9106-E42DD88EDE45}   REG_SZ   C:\Program Files\McAfee\SiteAdvisor
    {ABDE892B-13A8-4d1b-88E6-365A6E755758}   REG_SZ   C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
    [email protected]   REG_EXPAND_SZ   C:\Program Files\Java\jre6\lib\deploy\jqs\ff

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
    <NO NAME>   REG_SZ   1.9.2.3
    CurrentVersion   REG_SZ   3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)
    <NO NAME>   REG_SZ   3.6.3 (en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Main
    Install Directory   REG_SZ   C:\Program Files\Mozilla Firefox
    PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\3.6.3 (en-US)\Uninstall
    Description   REG_SZ   Mozilla Firefox (3.6.3)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3
    GeckoVer   REG_SZ   1.9.2.3

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\bin
    PathToExe   REG_SZ   C:\Program Files\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6.3\extensions
    Components   REG_SZ   C:\Program Files\Mozilla Firefox\components
    Plugins   REG_SZ   C:\Program Files\Mozilla Firefox\plugins
 
 
Shared Task Scheduler
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}   REG_SZ   Browseui preloader
    {8C7461EF-2B13-11d2-BE35-3078302C2030}   REG_SZ   Component Categories cache daemon
 
 
SafeBoot
 
 
 
SafeBootMinimal
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

 
 
SafeBootNetwork
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

 
 
File Rename Operations - Session
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
 
 
Known DLLs - Session
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
    advapi32   REG_SZ   advapi32.dll
    comdlg32   REG_SZ   comdlg32.dll
    DllDirectory   REG_EXPAND_SZ   %SystemRoot%\system32
    gdi32   REG_SZ   gdi32.dll
    imagehlp   REG_SZ   imagehlp.dll
    kernel32   REG_SZ   kernel32.dll
    lz32   REG_SZ   lz32.dll
    ole32   REG_SZ   ole32.dll
    oleaut32   REG_SZ   oleaut32.dll
    olecli32   REG_SZ   olecli32.dll
    olecnv32   REG_SZ   olecnv32.dll
    olesvr32   REG_SZ   olesvr32.dll
    olethk32   REG_SZ   olethk32.dll
    rpcrt4   REG_SZ   rpcrt4.dll
    shell32   REG_SZ   shell32.dll
    url   REG_SZ   url.dll
    urlmon   REG_SZ   urlmon.dll
    user32   REG_SZ   user32.dll
    version   REG_SZ   version.dll
    wininet   REG_SZ   wininet.dll
    wldap32   REG_SZ   wldap32.dll
 
 
Downloaded program files (ActiveX)
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units

 
PATH: C:\windows\Downloaded Program Files
 
ChannelingPluginforReactor.dll
DiagCollectionControl.dll
dwa8W.dll
dwa8W.inf
dwusplay.dll
dwusplay.exe
IDrop.ocx
IDropENU.dll
ijjiNotify2.exe
ijjiOptimizer.exe
ijjiPCPlugin.dll
ijjiPreNotify2.exe
ijjiPreStarter2.exe
ijjiSetup1010.dll
ijjistarter2.exe
inotes6W.dll
inotes6W.inf
install.log
isusweb.dll
jinstall-6u2.inf
LegitCheckControl.inf
Microsoft XML Parser for Java.osd
MySpaceUploader.inf
MySpaceUploader.ocx
PLauncher.exe
PurpleBean.exe
SnapfishActivia1000.inf
SnapfishActivia1000.ocx
swflash.inf
unagiuninst.exe
ZIntro.ocx
 
 
Mountpoints
 

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I
 
 
Winlogon
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell   REG_DWORD   0x1
    DefaultUserName   REG_SZ   Timothy Donovan
    LegalNoticeCaption   REG_SZ   
    LegalNoticeText   REG_SZ   
    PowerdownAfterShutdown   REG_SZ   0
    ReportBootOk   REG_SZ   1
    Shell   REG_SZ   Explorer.exe
    ShutdownWithoutLogon   REG_SZ   0
    System   REG_SZ   
    Userinit   REG_SZ   C:\WINDOWS\system32\userinit.exe,
    VmApplet   REG_SZ   rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota   REG_DWORD   0xffffffff
    allocatecdroms   REG_SZ   0
    allocatedasd   REG_SZ   0
    allocatefloppies   REG_SZ   0
    cachedlogonscount   REG_SZ   10
    forceunlocklogon   REG_DWORD   0x0
    passwordexpirywarning   REG_DWORD   0xe
    scremoveoption   REG_SZ   0
    AllowMultipleTSSessions   REG_DWORD   0x1
    UIHost   REG_EXPAND_SZ   logonui.exe
    LogonType   REG_DWORD   0x1
    Background   REG_SZ   0 0 0
    DefaultPassword   REG_SZ   
    DebugServerCommand   REG_SZ   no
    SFCDisable   REG_DWORD   0x0
    WinStationsDisabled   REG_SZ   0
    HibernationPreviouslyEnabled   REG_DWORD   0x1
    ShowLogonOptions   REG_DWORD   0x0
    AltDefaultUserName   REG_SZ   Timothy Donovan
    AltDefaultDomainName   REG_SZ   HOMECOMPUTER
    DefaultDomainName   REG_SZ   HOMECOMPUTER
    ChangePasswordUseKerberos   REG_DWORD   0x1
    LegalNotice Text   REG_SZ   

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
 
 
Windows Update
 

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
    LastSuccessTime   REG_SZ   2010-04-14 22:07:38
    LastError   REG_DWORD   0x0
 
 
Security Software Information
 
*Note*: Some security software does not store itself in the WMI.
 
 
 
{END OF FILE}

Longest log I've ever seen...

Nice post count by the way.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 07, 2010, 08:02:08 PM
Please download Radix (http://www.usec.at/downloads3/radix_installer.zip) rootkit detector, and save to your Desktop.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:07:15 PM
Thanks to all the people who donated and ensured the continued development of this software!
If you want to donate and keep this software alive, please have a look at the About-Tab.
Thanks in advance!

USEC Radix V1, 0, 0, 12 [2010/04/19] at your service.
---- Check started at 8.8.2010 20:48:24 ----
Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 3
Number of Processors: 2, Active Processor Mask: 00000003
Processor: Intel Level 15 Revision 0404
Allocation granularity: 00010000, Page granularity: 00001000
Application space: 00010000-7FFEFFFF
Kernel Membase: 80000000
[X] Filter common false alarms.
20:48:24 - Performing check: "Hidden files":
This check can take some time depending on your harddisk size. You can interrupt it with the ESC key.

20:55:44 - Performing check: "Alternate Data Streams":
This check can take some time depending on your harddisk size. You can interrupt it with the ESC key.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:10:05 PM
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:14:23 PM
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:16:13 PM

Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:17:23 PM
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:19:24 PM


2296 streams found.
20:59:23 - Performing check: "Hidden Registry entries":
Found KiServiceTable @ 8055C700

Found KiServiceTable @ 8055C700

--------------------[HKEY_LOCAL_MACHINE\HARDWARE           ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SAM                ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SAM\SAM: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SECURITY           ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SECURITY: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SOFTWARE           ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Remote Desktop\Pending Help Session: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SYSTEM             ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{00822C9D-E1B1-4D00-8940-5C0DD5A5090B}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{DB28B382-9162-41C0-949B-7B00A53BCA72}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\EncryptedDirectories: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{00822C9D-E1B1-4D00-8940-5C0DD5A5090B}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{DB28B382-9162-41C0-949B-7B00A53BCA72}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MRxDAV\EncryptedDirectories: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\.DEFAULT                   ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-21-2213691641-1270660180-3033463972-1010_Classes]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-18                   ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

21:17:32 - Performing check: "Hidden processes":
(01) PID: 0 [00000000] (Idle)
(53) PID: 4 [8A7BD7C0] (System)
(191) PID: 116 [87B3C590] (mcshield.exe)
(175) PID: 280 [898DF1C8] (mfefire.exe)
(191) PID: 344 [87A5F808] (explorer.exe)
(175) PID: 352 [8A64A850] (jusched.exe)
(175) PID: 404 [8A668DA0] (sprtcmd.exe)
(175) PID: 420 [87AB6B40] (sprtcmd.exe)
(175) PID: 456 [87B25588] (mcagent.exe)
(175) PID: 616 [8A6615F0] (pnagent.exe)
(175) PID: 904 [89CF65D8] (MediaDetect.exe)
(175) PID: 916 [87AD37E0] (CTHELPER.EXE)
(175) PID: 944 [89CF7DA0] (IntelMEM.exe)
(175) PID: 956 [87AADDA0] (DVDLauncher.exe)
(175) PID: 964 [87B1BDA0] (CTDVDDET.exe)
(191) PID: 976 [87A9B870] (VolPanel.exe)
(175) PID: 992 [89871A18] (DLLML.exe)
(07) PID: 1000 [89B4C790] (smss.exe)
(191) PID: 1020 [87A9BDA0] (tfswctrl.exe)
(191) PID: 1040 [87B18DA0] (issch.exe)
(175) PID: 1048 [87AADB20] (DMXLauncher.exe)
(191) PID: 1076 [8A68F970] (csrss.exe)
(191) PID: 1100 [87B432B0] (winlogon.exe)
(191) PID: 1152 [87B50420] (services.exe)
(191) PID: 1164 [87A37B10] (lsass.exe)
(191) PID: 1296 [8A6C1020] (DSAgnt.exe)
(191) PID: 1500 [88803020] (mm_tray.exe)
(191) PID: 1560 [87A4B1B8] (AOLacsd.exe)
(191) PID: 1572 [87A325E8] (AppleMobileDeviceService.exe)
(175) PID: 1592 [87A1AB10] (mDNSResponder.exe)
(175) PID: 1632 [87A57B10] (CTSVCCDA.EXE)
(191) PID: 1672 [87A1F1B8] (IntuitUpdateService.exe)
(175) PID: 1836 [879ED020] (AOLSP Scheduler.exe)
(175) PID: 1852 [87B5F980] (ITMRTSVC.exe)
(191) PID: 1864 [87A61B10] (jqs.exe)
(175) PID: 1892 [87A58020] (mfevtps.exe)
(191) PID: 1916 [87A02020] (sqlservr.exe)
(191) PID: 1956 [87B4C948] (nvsvc32.exe)
(175) PID: 1968 [898C8DA0] (sprtsvc.exe)
(175) PID: 2004 [87A4DDA0] (wanmpsvc.exe)
(175) PID: 2020 [878D9B08] (SSScheduler.exe)
(191) PID: 2044 [8A64DDA0] (GoogleDesktop.exe)
(175) PID: 2480 [87820DA0] (radixgui.exe)
(191) PID: 3336 [874D2DA0] (mcuicnt.exe)
21:17:33 - Performing check: "Hidden services":
#   Service         Startup   File
0   .NET CLR Data           Disabled                                        
1   .NET CLR Networking     Disabled                                        
2   .NET Data Provider for Oracle Disabled                                        
3   .NET Data Provider for SqlServer Disabled                                        
4   .NETFramework           Disabled                                        
5   Abiosdsk                Disabled                                        
6   abp480n5                Disabled abp480n5                               
7   ACPI                    Boot     Microsoft ACPI Driver                  
8   ACPIEC                  Disabled                                        
9   adfs                    Auto                                            
10   AdobeDriveCS4_NP        Disabled Adobe Drive CS4 NP                     
11   adpu160m                Disabled adpu160m                               
12   aec                     Demand   Microsoft Kernel Acoustic Echo Canceller
13   AFD                     System   AFD                                    
14   agp440                  Disabled Intel AGP Bus Filter                   
15   agpCPQ                  Disabled Compaq AGP Bus Filter                  
16   Aha154x                 Disabled Aha154x                                
17   aic78u2                 Disabled aic78u2                                
18   aic78xx                 Disabled aic78xx                                
19   Akamai                  Auto     Akamai NetSession Interface            
20   Alerter                 Disabled Alerter                                
21   ALG                     Demand   Application Layer Gateway Service      
22   AliIde                  Disabled AliIde                                 
23   alim1541                Disabled ALI AGP Bus Filter                     
24   amdagp                  Disabled AMD AGP Bus Filter Driver              
25   amsint                  Disabled amsint                                 
26   AOL ACS                 Auto     AOL Connectivity Service               
27   Apple Mobile Device     Auto     Apple Mobile Device                    
28   AppMgmt                 Demand   Application Management                 
29   Arp1394                 Demand   1394 ARP Client Protocol               
30   asc                     Disabled asc                                    
31   asc3350p                Disabled asc3350p                               
32   asc3550                 Disabled asc3550                                
33   ASP.NET                 Disabled                                        
34   ASP.NET_1.1.4322        Disabled                                        
35   ASP.NET_2.0.50727       Disabled                                        
36   aspnet_state            Demand   ASP.NET State Service                  
37   AsyncMac                Demand   RAS Asynchronous Media Driver          
38   atapi                   Boot     Standard IDE/ESDI Hard Disk Controller 
39   Atdisk                  Disabled                                        
40   Atmarpc                 Demand   ATM ARP Client Protocol                
41   AudioSrv                Auto     Windows Audio                          
42   audstub                 Demand   Audio Stub Driver                      
43   BattC                   Disabled                                        
44   Beep                    System                                          
45   BITS                    Demand   Background Intelligent Transfer Service
46   Bonjour Service         Auto     Bonjour Service                        
47   Browser                 Auto     Computer Browser                       
48   BVRPMPR5                Demand   BVRPMPR5 NDIS Protocol Driver          
49   bvrp_pci                Demand                                          
50   catchme                 Demand                                          
51   cbidf                   Disabled cbidf                                  
52   cbidf2k                 Disabled                                        
53   CCALib8                 Auto     Canon Camera Access Library 8          
54   cd20xrnt                Disabled cd20xrnt                               
55   Cdaudio                 System                                          
56   Cdfs                    Disabled                                        
57   Cdr4_xp                 System                                          
58   Cdralw2k                System                                          
59   Cdrom                   System   CD-ROM Driver                          
60   cfwids                  Demand   McAfee Inc. cfwids                     
61   Changer                 System                                          
62   CiSvc                   Demand   Indexing Service                       
63   ClipSrv                 Demand   ClipBook                               
64   clr_optimization_v2.0.50727_32 Demand   .NET Runtime Optimization Service v2.0.50727_X86
65   CmdIde                  Disabled CmdIde                                 
66   COMSysApp               Demand   COM+ System Application                
67   ContentFilter           Disabled                                        
68   ContentIndex            Disabled                                        
69   Cpqarray                Disabled Cpqarray                               
70   Creative Service for CDROM Access Auto     Creative Service for CDROM Access      
71   CryptSvc                Auto     CryptSvc                               
72   ctac32k                 Demand   Creative AC3 Software Decoder          
73   ctaud2k                 Demand   Creative Audio Driver (WDM)            
74   ctdvda2k                Demand   Creative DVD-Audio Device Driver       
75   ctprxy2k                Demand   Creative Proxy Driver                  
76   ctsfm2k                 Demand   Creative SoundFont Management Device Driver
77   dac2w2k                 Disabled dac2w2k                                
78   dac960nt                Disabled dac960nt                               
79   DcomLaunch              Auto     DCOM Server Process Launcher           
80   Dhcp                    Auto     DHCP Client                            
81   Disk                    Boot     Disk Driver                            
82   dmadmin                 Demand   Logical Disk Manager Administrative Service
83   dmboot                  Disabled                                        
84   dmio                    Boot     Logical Disk Manager Driver            
85   dmload                  Boot                                            
86   dmserver                Auto     Logical Disk Manager                   
87   DMusic                  Demand   Microsoft Kernel DLS Syntheiszer       
88   Dnscache                Auto     DNS Client                             
89   Dot3svc                 Demand   Wired AutoConfig                       
90   dot4                    Demand   MS IEEE-1284.4 Driver                  
91   Dot4Print               Demand   Print Class Driver for IEEE-1284.4     
92   Dot4Scan                Demand   Scan Class Driver for IEEE-1284.4      
93   dot4usb                 Demand   Dot4USB Filter Dot4USB Filter          
94   dpti2o                  Disabled dpti2o                                 
95   drmkaud                 Demand   Microsoft Kernel DRM Audio Descrambler 
96   drvmcdb                 Boot                                            
97   drvncdb                 Disabled                                        
98   drvnddm                 Auto                                            
99   DSBrokerService         Demand   DSBrokerService                        
100   DSproct                 Demand   DSproct                                
101   dsunidrv                Auto     DellSupport UniDriver                  
102   E100B                   Demand   Intel(R) PRO Adapter Driver            
103   EapHost                 Demand   Extensible Authentication Protocol Service
104   emupia                  Demand   E-mu Plug-in Architecture Driver       
105   ERSvc                   Auto     Error Reporting Service                
106   Eventlog                Auto     Event Log                              
107   EventSystem             Demand   COM+ Event System                      
108   Fastfat                 Disabled                                        
109   FastUserSwitchingCompatibility Demand   Fast User Switching Compatibility      
110   Fax                     Auto     Fax                                    
111   Fdc                     Demand   Floppy Disk Controller Driver          
112   Fips                    System                                          
113   FLEXnet Licensing Service Demand   FLEXnet Licensing Service              
114   Flpydisk                Demand   Floppy Disk Driver                     
115   FltMgr                  Boot     FltMgr                                 
116   FontCache3.0.0.0        Demand   Windows Presentation Foundation Font Cache 3.0.0.0
117   Fs_Rec                  System                                          
118   Ftdisk                  Boot     Volume Manager Driver                  
119   GEARAspiWDM             Demand   GEAR ASPI Filter Driver                
120   GoogleDesktopManager-093009-130223 Demand   Google Desktop Manager 5.9.909.30391   
121   Gpc                     Demand   Generic Packet Classifier              
122   gupdate                 Auto     Google Update Service (gupdate)        
123   gusvc                   Auto     Google Software Updater                
124   ha20x2k                 Demand   Creative 20X HAL Driver                
125   helpsvc                 Auto     Help and Support                       
126   HidServ                 Disabled Human Interface Device Access          
127   HidUsb                  Demand   Microsoft HID Class Driver             
128   hkmsvc                  Demand   Health Key and Certificate Management Ser
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:22:15 PM
134   i8042prt                System   i8042 Keyboard and PS/2 Mouse Port Driver
135   IDriverT                Demand   InstallDriver Table Manager             
136   idsvc                   Demand   Windows CardSpace                       
137   Imapi                   System   CD-Burning Filter Driver               
138   ImapiService            Demand   IMAPI CD-Burning COM Service           
139   inetaccs                Disabled                                         
140   ini910u                 Disabled ini910u                                 
141   Inport                  Disabled                                         
142   IntelC51                Demand                                           
143   IntelC52                Demand                                           
144   IntelC53                Demand                                           
145   IntelIde                Disabled IntelIde                               
146   intelppm                System   Intel Processor Driver                 
147   IntuitUpdateService     Auto     Intuit Update Service                   
148   Ip6Fw                   Demand   IPv6 Windows Firewall Driver           
149   IpFilterDriver          Demand   IP Traffic Filter Driver               
150   IpInIp                  Demand   IP in IP Tunnel Driver                 
151   IpNat                   Demand   IP Network Address Translator           
152   iPod Service            Demand   iPod Service                           
153   IPSec                   System   IPSEC driver                           
154   IRENUM                  Demand   IR Enumerator Service                   
155   ISAPISearch             Disabled                                         
156   isapnp                  Boot     PnP ISA/EISA Bus Driver                 
157   ITMRTSVC                Auto     CA Pest Patrol Realtime Protection Service
158   JavaQuickStarterService Auto     Java Quick Starter                     
159   Jukebox                 Demand                                           
160   Kbdclass                System   Keyboard Class Driver                   
161   kbdhid                  System   Keyboard HID Driver                     
162   kmixer                  Demand   Microsoft Kernel Wave Audio Mixer       
163   KSecDD                  Boot                                             
164   lanmanserver            Auto     Server                                 
165   lanmanworkstation       Auto     Workstation                             
166   lbrtfdc                 System                                           
167   ldap                    Disabled                                         
168   LicenseService          Disabled                                         
169   LkWebLink               Disabled Inter-Tel Collaboration Remote Client   
170   LmHosts                 Auto     TCP/IP NetBIOS Helper                   
171   McAfee SiteAdvisor Service Auto     McAfee SiteAdvisor Service             
172   McMPFSvc                Auto     McAfee Personal Firewall               
173   mcmscsvc                Auto     McAfee Services                         
174   McNaiAnn                Auto     McAfee VirusScan Announcer             
175   McNASvc                 Auto     McAfee Network Agent                   
176   McODS                   Demand   McAfee Scanner                         
177   McProxy                 Auto     McAfee Proxy Service                   
178   McShield                Auto     McShield                               
179   MDM                     Auto     Machine Debug Manager                   
180   Messenger               Disabled Messenger                               
181   mfeapfk                 Demand   McAfee Inc. mfeapfk                     
182   mfeavfk                 Demand   McAfee Inc. mfeavfk                     
183   mfeavfk01               Demand   McAfee Inc.                             
184   mfebopk                 Demand   McAfee Inc. mfebopk                     
185   mfefire                 Auto     McAfee Firewall Core Service           
186   mfefirek                Demand   McAfee Inc. mfefirek                   
187   mfehidk                 Boot     McAfee Inc. mfehidk                     
188   mfendisk                Demand   McAfee Core NDIS Intermediate Filter   
189   mfendiskmp              Demand                                           
190   mferkdet                Demand   McAfee Inc. mferkdet                   
191   mferkdk                 Demand   McAfee Inc. mferkdk                     
192   mfesmfk                 Demand   McAfee Inc. mfesmfk                     
193   mfetdi2k                System   McAfee Inc. mfetdi2k                   
194   mfevtp                  Auto     McAfee Validation Trust Protection Service
195   mnmdd                   System                                           
196   mnmsrvc                 Demand   NetMeeting Remote Desktop Sharing       
197   Modem                   Demand                                           
198   MODEMCSA                Demand   Unimodem Streaming Filter Device       
199   mohfilt                 Demand                                           
200   Mouclass                System   Mouse Class Driver                     
201   mouhid                  Demand   Mouse HID Driver                       
202   MountMgr                Boot     Mount Point Manager                     
203   mraid35x                Disabled mraid35x                               
204   MRxDAV                  Demand   WebDav Client Redirector               
205   MRxSmb                  System   MRXSMB                                 
206   MSDTC                   Demand   Distributed Transaction Coordinator     
207   MSDTC Bridge 3.0.0.0    Disabled                                         
208   Msfs                    System                                           
209   MSIServer               Demand   Windows Installer                       
210   MSK80Service            Auto     McAfee Anti-Spam Service               
211   MSKSSRV                 Demand   Microsoft Streaming Service Proxy       
212   MSPCLOCK                Demand   Microsoft Streaming Clock Proxy         
213   MSPQM                   Demand   Microsoft Streaming Quality Manager Proxy
214   mssmbios                Demand   Microsoft System Management BIOS Driver
215   MSSQL$MICROSOFTBCM      Auto     MSSQL$MICROSOFTBCM                     
216   MSSQLServerADHelper     Demand   MSSQLServerADHelper                     
217   Mup                     Boot     Mup                                     
218   napagent                Demand   Network Access Protection Agent         
219   NDIS                    Boot     NDIS System Driver                     
220   NdisTapi                Demand   Remote Access NDIS TAPI Driver         
221   Ndisuio                 Demand   NDIS Usermode I/O Protocol             
222   NdisWan                 Demand   Remote Access NDIS WAN Driver           
223   NDProxy                 Demand   NDIS Proxyd                             
224   NetBIOS                 System   NetBIOS Interface                       
225   NetBT                   System   NetBios over Tcpip                     
226   NetDDE                  Disabled Network DDE                             
227   NetDDEdsdm              Disabled Network DDE DSDM                       
228   Netlogon                Demand   Net Logon                               
229   Netman                  Demand   Network Connections                     
230   NetTcpPortSharing       Disabled Net.Tcp Port Sharing Service           
231   NIC1394                 Demand   1394 Net Driver                         
232   Nla                     Demand   Network Location Awareness (NLA)       
233   Npfs                    System                                           
234   npggsvc                 Demand   nProtect GameGuard Service             
235   Ntfs                    Disabled                                         
236   NtLmSsp                 Demand   NT LM Security Support Provider         
237   NtmsSvc                 Demand   Removable Storage                       
238   Null                    System                                           
239   nv                      Demand                                           
240   nvatabus                Boot                                             
241   NVENETFD                Demand   NVIDIA nForce Networking Controller Driver
242   nvnetbus                Demand   NVIDIA Network Bus Enumerator           
243   nvraid                  Boot     NVIDIA nForce(tm) RAID Class Driver     
244   NVSvc                   Auto     NVIDIA Display Driver Service           
245   NwlnkFlt                Demand   IPX Traffic Filter Driver               
246   NwlnkFwd                Demand   IPX Traffic Forwarder Driver           
247   ohci1394                Boot     Texas Instruments OHCI Compliant IEEE 1394 Host Controller
248   ose                     Demand   Office Source Engine                   
249   ossrv                   Demand   Creative OS Services Driver             
250   Outlook                 Disabled                                         
251   Parport                 Demand   Parallel port driver                   
252   PartMgr                 Boot     Partition Manager                       
253   ParVdm                  Disabled                                         
254   PCI                     Boot     PCI Bus Driver                         
255   PCIDump                 System                                           
256   PCIIde                  Boot                                             
257   Pcmcia                  Disabled                                         
258   PDCOMP                  Demand                                           
259   PDFRAME                 Demand                                           
260   PDRELI                  Demand                                           
261   PDRFRAME                Demand                                           
262   perc2                   Disabled perc2                                   
263   perc2hib                Disabled perc2hib                               
264   PerfDisk                Disabled                                         
265   PerfNet                 Disabled                                         
266   PerfOS                  Disabled                                         
267   PerfProc                Disabled                                         
268   PlugPlay                Auto     Plug and Play                           
269   PnSson                  Disabled                                         
270   PolicyAgent             Auto     IPSEC Services                         
271   PptpMiniport            Demand   WAN Miniport (PPTP)                     
272   ProtectedStorage        Auto     Protected Storage                       
273   PSched                  Demand   QoS Packet Scheduler                   
274   Ptilink                 Demand   Direct Parallel Link Driver             
275   PxHelp20                Boot     PxHelp20                               
276   ql1080                  Disabled ql1080                                 
277   Ql10wnt                 Disabled Ql10wnt                                 
278   ql12160                 Disabled ql12160                                 
279   ql1240                  Disabled ql1240                                 
280   ql1280                  Disabled ql1280                                 
281   RasAcd                  System   Remote Access Auto Connection Driver   
282   RasAuto                 Demand   Remote Access Auto Connection Manager   
283   Rasl2tp                 Demand   WAN Miniport (L2TP)                     
284   RasMan                  Demand   Remote Access Connection Manager       
285   RasPppoe                Demand   Remote Access PPPOE Driver             
286   Raspti                  Demand   Direct Parallel                         
287   Rdbss                   System   Rdbss                                   
288   RDPCDD                  System                                           
289   RDPDD                   Disabled                                         
290   rdpdr                   Demand   Terminal Server Device Redirector Driver
291   RDPNP                   Disabled                                         
292   RDPWD                   Demand                                           
293   RDSessMgr               Demand   Remote Desktop Help Session Manager     
294   redbook                 System   Digital CD Audio Playback Filter Driver
295   RemoteAccess            Disabled Routing and Remote Access               
296   RemoteRegistry          Auto     Remote Registry                         
297   RpcLocator              Demand   Remote Procedure Call (RPC) Locator     
298   RpcSs                   Auto     Remote Procedure Call (RPC)             
299   RSVP                    Demand   QoS RSVP                               
300   SamSs                   Auto     Security Accounts Manager               
301   SCardSvr                Demand   Smart Card                             
302   Schedule                Auto     Task Scheduler                         
303   ScsiPort                Disabled                                         
304   SDTHelper               Demand   Helper driver for SDT-Tool             
305   Secdrv                  Demand   Secdrv                                 
306   seclogon                Auto     Secondary Logon                         
307   SENS                    Auto     System Event Notification               
308   serenum                 Demand   Serenum Filter Driver                   
309   Serial                  System   Serial port driver                     
310   ServiceModelEndpoint 3.0.0.0 Disabled                                         
311   ServiceModelOperation 3.0.0.0 Disabled                                         
312   ServiceModelService 3.0.0.0 Disabled                                         
313   Sfloppy                 System                                           
314   SharedAccess            Auto     Windows Firewall/Internet Connection Sharing (ICS)
315   ShellHWDetection        Auto     Shell Hardware Detection               
316   Simbad                  Disabled                                         
317   sisagp                  Disabled SIS AGP Bus Filter                     
318   SMSvcHost 3.0.0.0       Disabled                                         
319   Sparrow                 Disabled Sparrow                                 
320   splitter                Demand   Microsoft Kernel Audio Splitter         
321   Spooler                 Auto     Print Spooler                           
322   sprtsvc_dellsupportcenter Auto     SupportSoft Sprocket Service (dellsupportcenter)
323   SQLAgent$MICROSOFTBCM   Demand   SQLAgent$MICROSOFTBCM                   
324   sr                      Boot     System Restore Filter Driver           
325   srservice               Auto     System Restore Service                 
326   Srv                     Demand   Srv                                     
327   sscdbhk5                System                                           
328   SSDPSRV                 Demand   SSDP Discovery Service                 
329   ssrtln                  System                                           
330   stisvc                  Auto     Windows Image Acquisition (WIA)         
331   swenum                  Demand   Software Bus Driver                     
332   swmidi                  Demand   Microsoft Kernel GS Wavetable Synthesizer
333   SwPrv                   Demand   MS Software Shadow Copy Provider       
334   swwd                    Disabled                                         
335   symc810                 Disabled symc810                                 
336   symc8xx                 Disabled symc8xx                                 
337   sym_hi                  Disabled sym_hi                                 
338   sym_u3                  Disabled sym_u3                                 
339   sysaudio                Demand   Microsoft Kernel System Audio Device   
340   SysmonLog               Demand   Performance Logs and Alerts             
341   TapiSrv                 Demand   Telephony                               
342   Tcpip                   System   TCP/IP Protocol Driver                 
343   TDPIPE                  Demand                                           
344   TDTCP                   Demand                                           
345   TermDD                  System   Terminal Device Driver                 
346   TermService             Demand   Terminal Services                       
347   tfsnboio                Auto                                             
348   tfsncofs                Auto                                             
349   tfsndrct                Auto                                             
350   tfsndres                Auto                                             
351   tfsnifs                 Auto                                             
352   tfsnopio                Auto                                             
353   tfsnpool                Auto                                             
354   tfsnudf                 Auto                                             
355   tfsnudfa                Auto                                             
356   Themes                  Auto     Themes                                 
357   TlntSvr                 Demand   Telnet                                 
358   TosIde                  Disabled TosIde                                 
359   TrkWks                  Auto     Distributed Link Tracking Client       
360   TSDDD                   Disabled                                         
361   Udfs                    Disabled                                         
362   ultra                   Disabled ultra                                   
363   Update                  Demand   Microcode Update Driver                 
364   upnphost                Disabled Universal Plug and Play Device Host     
365   UPS                     Demand   Uninterruptible Power Supply           
366   USBAAPL                 Demand   Apple Mobile USB Driver                 
367   usbccgp                 Demand   Microsoft USB Generic Parent Driver     
368   usbehci                 Demand   Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
369   usbhub                  Demand   USB2 Enabled Hub                       
370   usbohci                 Demand   Microsoft USB Open Host Controller Miniport Driver
371   usbscan                 Demand   USB Scanner Driver                     
372   USBSTOR                 Demand   USB Mass Storage Driver                 
373   usbuhci                 Demand   Microsoft USB Universal Host Controller Miniport Driver
374   VgaSave                 System   VGA Display Controller.                 
375   viaagp                  Disabled VIA AGP Bus Filter                     
376   ViaIde                  Disabled ViaIde                                 
377   Viewpoint Manager Service Auto     Viewpoint Manager Service               
378   VolSnap                 Boot                                             
379   VSS                     Demand   Volume Shadow Copy                     
380   VXD                     Disabled                                         
381   w32time                 Auto     Windows Time                           
382   W3SVC                   Disabled                                         
383   Wanarp                  Demand   Remote Access IP ARP Driver             
384   wanatw                  Demand   WAN Miniport (ATW)                     
385   WANMiniportService      Auto     WAN Miniport (ATW) Service             
386   WDICA                   Demand                                           
387   wdmaud                  Demand   Microsoft WINMM WDM Audio Compatibility Driver
388   WebClient               Auto     WebClient                               
389   WinDefend               Disabled Windows Defender Service               
390   Windows Workflow Foundation 3.0.0.0 Disabled                                         
391   winmgmt                 Auto     Windows Management Instrumentation     
392   Winsock                 Demand                                           
393   WinSock2                Disabled                                         
394   WinTrust                Disabled                                         
395   WLSetupSvc              Demand   Windows Live Setup Service             
396   WmdmPmSN                Demand   Portable Media Serial Number Service   
397   Wmi                     Demand   Windows Management Instrumentation Driver Extensions
398   WmiApRpl                Disabled                                         
399   WmiApSrv                Demand   WMI Performance Adapter                 
400   WMPNetworkSvc           Demand   Windows Media Player Network Sharing Service
401   WpdUsb                  Demand   WpdUsb                                 
402   WS2IFSL                 System                                           
403   wscsvc                  Auto     Security Center                         
404   wuauserv                Auto     Automatic Updates                       
405   WudfPf                  Boot     Windows Driver Foundation - User-mode Driver Framework Platform Driver
406   WudfRd                  Demand   Windows Driver Foundation - User-mode Driver Framework Reflector
407   WudfSvc                 Auto     Windows Driver Foundation - User-mode Driver Framework
408   WZCSVC                  Auto     Wireless Zero Configuration             
409   XDva273                 Demand   XDva273                                 
410   XDva280                 Demand   XDva280                                 
411   XDva281                 Demand   XDva281                                 
412   xmlprov                 Demand   Network Provisioning Service           
413   {484ECE02-AEBF-4B4B-91FA-EC75706C0090} Disabled                                         
414   {B259EDC0-B2CA-4A83-95EC-20E1BD2C4381} Disabled                                         
21:17:34 - Performing check: "Selftest":
Doing a short selftest...
 -> Checking IAT

PID 2480  - C:\Documents and Settings\Timothy Donovan\Desktop\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
comdlg32.dll        (763B0000 - 763F9000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
COMCTL32.dll        (5D090000 - 5D12A000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
msvcrt.dll          (77C10000 - 77C68000)
SHLWAPI.dll         (77F60000 - 77FD6000)
ole32.dll           (774E0000 - 7761D000)
VERSION.dll         (77C00000 - 77C08000)
IMM32.DLL           (76390000 - 763AD000)
comctl32.dll        (773D0000 - 774D3000)
wintrust.dll        (76C30000 - 76C5E000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
IMAGEHLP.dll        (76C90000 - 76CB8000)
sfc.dll             (76BB0000 - 76BB5000)
sfc_os.dll          (76C60000 - 76C8A000)
NTMARTA.DLL         (77690000 - 776B1000)
SAMLIB.dll          (71BF0000 - 71C03000)
WLDAP32.dll         (76F60000 - 76F8C000)
msctfime.ime        (755C0000 - 755EE000)
Selftest complete.

21:17:35 - Performing check: "MBR":
Partition Table:
+----+-----+------Start------+--------End------+----------+----------+----+
| Nr | Act | Head Sect Track | Head Sect Track |  Offset  |  Length  | OS |
+----+-----+-----------------+-----------------+----------+----------+----+
| 1  |  N  | 001   01  0000  | 254   63  0004  | 0000003F | 00013986 | DE |
| 2  |  Y  | 000   01  0005  | 254   63  0255  | 000139C5 | 129ED876 | 07 |
| 3  |  N  | 000   00  0000  | 000   00  0000  | 00000000 | 00000000 | 00 |
| 4  |  N  | 000   00  0000  | 000   00  0000  | 00000000 | 00000000 | 00 |
+----+-----+-----------------+-----------------+----------+----------+----+
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:25:43 PM
MBR seems to be OK.
21:17:35 - Performing check: "Object Routines":
Checking Object procedures:
Type                  Procedure             00458EE0
Process               DumpProcedure         00000000   
Process               OpenProcedure         00000000   
Process               CloseProcedure        00000000   
Process               DeleteProcedure       805D1CB4   
Process               ParseProcedure        00000000   
Process               SecurityProcedure     805F8162   
Process               QueryNameProcedure    00000000   
Process               OkayToCloseProcedure  00000000   
Thread                DumpProcedure         00000000   
Thread                OpenProcedure         00000000   
Thread                CloseProcedure        00000000   
Thread                DeleteProcedure       805D1E3C   
Thread                ParseProcedure        00000000   
Thread                SecurityProcedure     805F8162   
Thread                QueryNameProcedure    00000000   
Thread                OkayToCloseProcedure  00000000   
Key                   DumpProcedure         00000000   
Key                   OpenProcedure         00000000   
Key                   CloseProcedure        80637296   
Key                   DeleteProcedure       8063717C   
Key                   ParseProcedure        8062F062   
Key                   SecurityProcedure     80636FE0   
Key                   QueryNameProcedure    80636016   
Key                   OkayToCloseProcedure  00000000   
Event                 DumpProcedure         00000000   
Event                 OpenProcedure         00000000   
Event                 CloseProcedure        00000000   
Event                 DeleteProcedure       00000000   
Event                 ParseProcedure        00000000   
Event                 SecurityProcedure     805F8162   
Event                 QueryNameProcedure    00000000   
Event                 OkayToCloseProcedure  00000000   
File                  DumpProcedure         00000000   
File                  OpenProcedure         00000000   
File                  CloseProcedure        805836E8   
File                  DeleteProcedure       805839C6   
File                  ParseProcedure        805835D6   
File                  SecurityProcedure     80583D4A   
File                  QueryNameProcedure    80582680   
File                  OkayToCloseProcedure  00000000   
Directory             DumpProcedure         00000000   
Directory             OpenProcedure         00000000   
Directory             CloseProcedure        00000000   
Directory             DeleteProcedure       00000000   
Directory             ParseProcedure        00000000   
Directory             SecurityProcedure     805F8162   
Directory             QueryNameProcedure    00000000   
Directory             OkayToCloseProcedure  00000000   
Port                  DumpProcedure         00000000   
Port                  OpenProcedure         00000000   
Port                  CloseProcedure        805A6876   
Port                  DeleteProcedure       805A68AE   
Port                  ParseProcedure        00000000   
Port                  SecurityProcedure     805F8162   
Port                  QueryNameProcedure    00000000   
Port                  OkayToCloseProcedure  00000000   
Desktop               DumpProcedure         00000000   
Desktop               OpenProcedure         8060CF4A   
Desktop               CloseProcedure        8060CE28   
Desktop               DeleteProcedure       8060CF00   
Desktop               ParseProcedure        00000000   
Desktop               SecurityProcedure     805F8162   
Desktop               QueryNameProcedure    00000000   
Desktop               OkayToCloseProcedure  8060CE8E   
KeyedEvent            DumpProcedure         00000000   
KeyedEvent            OpenProcedure         00000000   
KeyedEvent            CloseProcedure        00000000   
KeyedEvent            DeleteProcedure       00000000   
KeyedEvent            ParseProcedure        00000000   
KeyedEvent            SecurityProcedure     805F8162   
KeyedEvent            QueryNameProcedure    00000000   
KeyedEvent            OkayToCloseProcedure  00000000   
SymbolicLink          DumpProcedure         00000000   
SymbolicLink          OpenProcedure         00000000   
SymbolicLink          CloseProcedure        00000000   
SymbolicLink          DeleteProcedure       805C3980   
SymbolicLink          ParseProcedure        805C3642   
SymbolicLink          SecurityProcedure     805F8162   
SymbolicLink          QueryNameProcedure    00000000   
SymbolicLink          OkayToCloseProcedure  00000000   
Section               DumpProcedure         00000000   
Section               OpenProcedure         00000000   
Section               CloseProcedure        00000000   
Section               DeleteProcedure       805A89FE   
Section               ParseProcedure        00000000   
Section               SecurityProcedure     805F8162   
Section               QueryNameProcedure    00000000   
Section               OkayToCloseProcedure  00000000   
Semaphore             DumpProcedure         00000000   
Semaphore             OpenProcedure         00000000   
Semaphore             CloseProcedure        00000000   
Semaphore             DeleteProcedure       00000000   
Semaphore             ParseProcedure        00000000   
Semaphore             SecurityProcedure     805F8162   
Semaphore             QueryNameProcedure    00000000   
Semaphore             OkayToCloseProcedure  00000000   
WindowStation         DumpProcedure         00000000   
WindowStation         OpenProcedure         8060CF4A   
WindowStation         CloseProcedure        8060CE28   
WindowStation         DeleteProcedure       8060CF00   
WindowStation         ParseProcedure        8060CFBE   
WindowStation         SecurityProcedure     805F8162   
WindowStation         QueryNameProcedure    00000000   
WindowStation         OkayToCloseProcedure  8060CE8E   
Mutant                DumpProcedure         00000000   
Mutant                OpenProcedure         00000000   
Mutant                CloseProcedure        00000000   
Mutant                DeleteProcedure       8053901E   
Mutant                ParseProcedure        00000000   
Mutant                SecurityProcedure     805F8162   
Mutant                QueryNameProcedure    00000000   
Mutant                OkayToCloseProcedure  00000000   
Timer                 DumpProcedure         00000000   
Timer                 OpenProcedure         00000000   
Timer                 CloseProcedure        00000000   
Timer                 DeleteProcedure       80538A94   
Timer                 ParseProcedure        00000000   
Timer                 SecurityProcedure     805F8162   
Timer                 QueryNameProcedure    00000000   
Timer                 OkayToCloseProcedure  00000000   
IoCompletion          DumpProcedure         00000000   
IoCompletion          OpenProcedure         00000000   
IoCompletion          CloseProcedure        00000000   
IoCompletion          DeleteProcedure       80578E36   
IoCompletion          ParseProcedure        00000000   
IoCompletion          SecurityProcedure     805F8162   
IoCompletion          QueryNameProcedure    00000000   
IoCompletion          OkayToCloseProcedure  00000000   
Token                 DumpProcedure         00000000   
Token                 OpenProcedure         00000000   
Token                 CloseProcedure        00000000   
Token                 DeleteProcedure       805F82DC   
Token                 ParseProcedure        00000000   
Token                 SecurityProcedure     805F8162   
Token                 QueryNameProcedure    00000000   
Token                 OkayToCloseProcedure  00000000   
WmiGuid               DumpProcedure         00000000   
WmiGuid               OpenProcedure         00000000   
WmiGuid               CloseProcedure        806038E6   
WmiGuid               DeleteProcedure       80603944   
WmiGuid               ParseProcedure        00000000   
WmiGuid               SecurityProcedure     80603E3E   
WmiGuid               QueryNameProcedure    00000000   
WmiGuid               OkayToCloseProcedure  00000000   
21:17:35 - Performing check: "IRP hooks":
00 \Driver\Beep                   87C29B98 Beep.SYS         
01 \Driver\NDIS                   8A738850 NDIS.sys         
02 \Driver\KSecDD                 8A737F38 KSecDD.sys       
03 \Driver\Mouclass               8A5922B8 mouclass.sys     
04 \Driver\wanatw                 89CF41A0 wanatw4.sys       
05 \Driver\Raspti                 89CF4780 raspti.sys       
06 \Driver\IntelC51               8A3C1030 IntelC51.sys     
06 >\Driver\IntelC52              8A3C1850 IntelC52.sys     
07 >\Driver\mohfilt2              8A417B08 mohfilt.sys       
08 >\Driver\Modemlt2              8A697980 Modem.SYS         
07 \Driver\IntelC52               8A3C1850 IntelC52.sys     
10 \Driver\Kbdclass               89CF2760 kbdclass.sys     
11 \Driver\Fips                   87B93F38 Fips.SYS         
12 \Driver\IntelC53               8A3C1AE0 IntelC53.sys     
13 \Driver\nvatabus               8A774A08 nvatabus.sys     
13 >\Driver\nvraidus              8A775DD0 nvraid.sys       
15 \Driver\VgaSave                882E5538 vga.sys           
16 \Driver\Cdr4_xp                8883A1E0 Cdr4_xp.SYS       
17 \Driver\i2omgmt                8882AE18 i2omgmt.SYS       
18 \Driver\NDProxy                8A3C0350 NDProxy.SYS       
19 \Driver\Ptilink                89CF4C80 ptilink.sys       
20 \Driver\MountMgr               8A7E1F38 MountMgr.sys     
21 \Driver\ohci1394               8A713208 ohci1394.sys     
21 >\Driver\NIC13944              8A3F13B0 nic1394.sys       
23 \Driver\dmload                 8A715030 dmload.sys       
24 \Driver\isapnp                 8A755CB8 isapnp.sys       
25 \Driver\DSproct                8781C650 DSproct.sys       
26 \Driver\redbook                8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM           8A68C878 GEARAspiWDM.sys   
28 \Driver\mfetdi2k               883AB398 mfetdi2k.sys     
29 \Driver\atapi                  8A753B30 atapi.sys         
29 >\Driver\Imapi                 8A68B4F0 imapi.sys         
30 >\Driver\PxHelp20              8A749CD8 PxHelp20.sys     
31 >\Driver\drvmcdb0              8A74FC10 drvmcdb.sys       
32 >\FileSystem\sscdbhk5          8A625730 sscdbhk5.sys     
33 >\Driver\Cdromscdbhk5          8A673CC0 cdrom.sys         
34 >\Driver\redbookdbhk5          8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM5          8A68C878 GEARAspiWDM.sys   
35 \Driver\dsunidrv               87B88030 dsunidrv.sys     
36 \Driver\USBSTOR                87B439C0 USBSTOR.SYS       
36 >\Driver\drvmcdb               8A74FC10 drvmcdb.sys       
32 >\Driver\Diskcdb               8A721F38 disk.sys         
37 >\Driver\PartMgr               8A753F38 PartMgr.sys       
39 \Driver\IpNat                  8A3C6998 ipnat.sys         
40 \Driver\RasAcd                 88844F38 rasacd.sys       
41 \Driver\PSched                 8A625098 psched.sys       
42 \Driver\dmio                   8A715E18 dmio.sys         
43 \Driver\SDTHelper              8A65BBD8 sdthlpr.sys       
44 \Driver\mouhid                 87B36A88 mouhid.sys       
44 >\Driver\Mouclass              8A5922B8 mouclass.sys     
45 \Driver\NVENETFD               89BF82B8 NVENETFD.sys     
46 \Driver\audstub                8A3C15C0 audstub.sys       
47 \Driver\usbohci                8A626A10 usbohci.sys       
47 >\Driver\usbhubi               8A625CA8 usbhub.sys       
49 \Driver\Win32k                 87B44AE0 win32k.sys       
50 \Driver\emupia                 89876478 emupia2k.sys     
48 \Driver\usbhub                 8A625CA8 usbhub.sys       
48 >\Driver\USBSTOR               87B439C0 USBSTOR.SYS       
51 \Driver\swenum                 89CF1310 swenum.sys       
52 \Driver\rdpdr                  8A598470 rdpdr.sys         
53 \Driver\WudfPf                 8A712A18 WudfPf.sys       
54 \Driver\RDPCDD                 8A67E6F8 RDPCDD.sys       
55 \Driver\Update                 8A68B260 update.sys       
56 \Driver\RasPppoe               8A68C030 raspppoe.sys     
57 \Driver\ossrv                  8A417CA0 ctoss2k.sys       
58 \Driver\HTTP                   89B35830 HTTP.sys         
59 \Driver\TermDD                 89CF9678 termdd.sys       
59 >\Driver\Mouclass              8A5922B8 mouclass.sys     
09 \Driver\Modem                  8A697980 Modem.SYS         
09 >\Driver\MODEMCSA              895AC4D8 MODEMCSA.sys     
61 \Driver\mfehidk                8A7D0960 mfehidk.sys       
62 \Driver\Ftdisk                 8A754230 ftdisk.sys       
62 >\Driver\VolSnap               8A753E40 VolSnap.sys       
64 \Driver\Rasl2tp                8A3CB170 rasl2tp.sys       
65 \Driver\nvnetbus               8A630558 nvnetbus.sys     
65 >\Driver\NVENETFD              89BF82B8 NVENETFD.sys     
66 \Driver\Fdc                    8A6BD5D8 fdc.sys           
66 >\Driver\Flpydisk              8883D638 flpydisk.sys     
68 \Driver\ctaud2k                8A631F38 ctaud2k.sys       
69 \Driver\PptpMiniport           8A416B08 raspptp.sys       
08 \Driver\mohfilt                8A417B08 mohfilt.sys       
70 \Driver\serenum                8A694B90 serenum.sys       
71 \Driver\WMIxWDM                8A79F410 ntkrnlpa.exe     
72 \Driver\ACPI_HAL               8A79F998 hal.dll           
72 >\Driver\ACPI_HAL              8A79C398 ACPI.sys         
74 \Driver\adfs                   8A62BBF8 adfs.SYS         
74 >\FileSystem\FltMgr            8A713B20 fltmgr.sys       
75 >\Driver\mfehidkMgr            8A7D0960 mfehidk.sys       
76 \Driver\Arp1394                895541D8 arp1394.sys       
77 \Driver\ha20x2k                895A8848 ha20x2k.sys       
78 \Driver\NetBT                  8A6298A0 netbt.sys         
34 \Driver\Cdrom                  8A673CC0 cdrom.sys         
34 >\Driver\redbook               8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM           8A68C878 GEARAspiWDM.sys   
79 \Driver\mssmbios               89CF8460 mssmbios.sys     
80 \Driver\PCIIde                 8A776158 pciide.sys       
80 >\Driver\atapie                8A753B30 atapi.sys         
81 \Driver\mfeavfk                8A4165B8 mfeavfk.sys       
82 \Driver\mfebopk                8881EB08 mfebopk.sys       
83 \Driver\mfeapfk                87A3CA10 mfeapfk.sys       
84 \Driver\kbdhid                 8A7CCDE8 kbdhid.sys       
84 >\Driver\Kbdclass              89CF2760 kbdclass.sys     
85 \Driver\Wanarp                 883861D8 wanarp.sys       
86 \Driver\Tcpip                  882D07C8 tcpip.sys         
87 \Driver\mnmdd                  8A629998 mnmdd.SYS         
63 \Driver\VolSnap                8A753E40 VolSnap.sys       
88 \Driver\intelppm               8A417030 intelppm.sys     
60 \Driver\MODEMCSA               895AC4D8 MODEMCSA.sys     
89 \Driver\ctprxy2k               8A6251B8 ctprxy2k.sys     
90 \Driver\nv                     8A3C8668 nv4_mini.sys     
22 \Driver\NIC1394                8A3F13B0 nic1394.sys       
14 \Driver\nvraid                 8A775DD0 nvraid.sys       
14 >\Driver\Diskid                8A721F38 disk.sys         
37 >\Driver\PartMgr               8A753F38 PartMgr.sys       
30 \Driver\Imapi                  8A68B4F0 imapi.sys         
30 >\Driver\PxHelp20              8A749CD8 PxHelp20.sys     
31 >\Driver\drvmcdb0              8A74FC10 drvmcdb.sys       
32 >\FileSystem\sscdbhk5          8A625730 sscdbhk5.sys     
33 >\Driver\Cdromscdbhk5          8A673CC0 cdrom.sys         
34 >\Driver\redbookdbhk5          8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM5          8A68C878 GEARAspiWDM.sys   
91 \Driver\Null                   87C39CA0 Null.SYS         
92 \Driver\usbehci                8A671720 usbehci.sys       
92 >\Driver\usbhubi               8A625CA8 usbhub.sys       
37 \Driver\Disk                   8A721F38 disk.sys         
93 \Driver\IPSec                  87C29CA0 ipsec.sys         
27 \Driver\GEARAspiWDM            8A68C878 GEARAspiWDM.sys   
94 \Driver\PCI                    8A79F768 pci.sys           
94 >\Driver\nvI                   8A3C8668 nv4_mini.sys     
38 \Driver\PartMgr                8A753F38 PartMgr.sys       
95 \Driver\Serial                 8A62C9F8 serial.sys       
95 >\Driver\serenum               8A694B90 serenum.sys       
96 \Driver\NdisTapi               8A743D30 ndistapi.sys     
97 \Driver\NdisWan                8A68D178 ndiswan.sys       
32 \Driver\drvmcdb                8A74FC10 drvmcdb.sys       
32 >\Driver\Diskcdb               8A721F38 disk.sys         
37 >\Driver\PartMgr               8A753F38 PartMgr.sys       
98 \Driver\Gpc                    8A59A580 msgpc.sys         
99 \Driver\Cdralw2k               888241D8 Cdralw2k.SYS     
73 \Driver\ACPI                   8A79C398 ACPI.sys         
73 >\Driver\Serial                8A62C9F8 serial.sys       
95 >\Driver\serenum               8A694B90 serenum.sys       
67 \Driver\Flpydisk               8883D638 flpydisk.sys     
100 \Driver\PnpManager             8A7A5CF8 ntkrnlpa.exe     
100 >\Driver\mssmbioser            89CF8460 mssmbios.sys     
101 \Driver\AFD                    88319030 afd.sys           
102 \Driver\Ndisuio                87B58CA8 ndisuio.sys       
103 \Driver\HidUsb                 87B96900 hidusb.sys       
103 >\Driver\kbdhid                8A7CCDE8 kbdhid.sys       
84 >\Driver\Kbdclass              89CF2760 kbdclass.sys     
104 \Driver\ctac32k                896E6880 ctac32k.sys       
105 \Driver\mfendiskmp             8A628030 mfendisk.sys     
106 \Driver\ctsfm2k                8970B778 ctsfm2k.sys       
107 \Driver\mfefirek               8A4175E0 mfefirek.sys     
31 \Driver\PxHelp20               8A749CD8 PxHelp20.sys     
31 >\Driver\drvmcdb0              8A74FC10 drvmcdb.sys       
32 >\FileSystem\sscdbhk5          8A625730 sscdbhk5.sys     
33 >\Driver\Cdromscdbhk5          8A673CC0 cdrom.sys         
34 >\Driver\redbookdbhk5          8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM5          8A68C878 GEARAspiWDM.sys   
108 \FileSystem\tfsndrct           87A74B10 tfsndrct.sys     
109 \FileSystem\Ntfs               8A771A58 Ntfs.sys         
109 >\FileSystem\FltMgr            8A713B20 fltmgr.sys       
75 >\FileSystem\srtMgr            8A76FB28 sr.sys           
110 >\Driver\mfehidkMgr            8A7D0960 mfehidk.sys       
111 \FileSystem\Fastfat            879F4878 Fastfat.SYS       
111 >\FileSystem\FltMgrt           8A713B20 fltmgr.sys       
75 >\Driver\mfehidkMgrt           8A7D0960 mfehidk.sys       
112 \FileSystem\NetBIOS            87B7E280 netbios.sys       
110 \FileSystem\sr                 8A76FB28 sr.sys           
110 >\Driver\mfehidk               8A7D0960 mfehidk.sys       
113 \FileSystem\tfsnboio           879F8258 tfsnboio.sys     
114 \FileSystem\Rdbss              87B76CD8 rdbss.sys         
33 \FileSystem\sscdbhk5           8A625730 sscdbhk5.sys     
33 >\Driver\Cdromscdbhk5          8A673CC0 cdrom.sys         
34 >\Driver\redbookdbhk5          8A69BF38 redbook.sys       
26 >\Driver\GEARAspiWDM5          8A68C878 GEARAspiWDM.sys   
115 \FileSystem\tfsndres           8A3C2CA0 tfsndres.sys     
116 \FileSystem\ssrtln             8839F4B0 ssrtln.sys       
117 \FileSystem\tfsnifs            879F54E8 tfsnifs.sys       
117 >\FileSystem\FltMgrs           8A713B20 fltmgr.sys       
75 >\Driver\mfehidkMgrs           8A7D0960 mfehidk.sys       
118 \FileSystem\tfsnopio           879F6350 tfsnopio.sys     
119 \FileSystem\Msfs               8A41EF38 Msfs.SYS         
120 \FileSystem\drvnddm            87B4BA10 drvnddm.sys       
121 \FileSystem\MRxSmb             87B89B80 mrxsmb.sys       
122 \FileSystem\Mup                8A7432E8 Mup.sys           
123 \FileSystem\RAW                8A79CC80 ntkrnlpa.exe     
124 \FileSystem\Npfs               8A41C568 Npfs.SYS         
125 \FileSystem\Fs_Rec             882D3340 Fs_Rec.SYS        --[HOOKED]--
This might be a false positive, as I was unable to check.
 * Majorfunction 0D (IRP_MJ_FILE_SYSTEM_CONTROL) hooked at AA019701 by C:\WINDOWS\system32\dla\tfsnifs.sys
-------------------------------------------------------------------------------
Information for module tfsnifs.sys:
-------------------------------------------------------------------------------
Index:      137
Base address:   AA00D000
Size:      00016000
Flags:      01104000
Load count:   8
Imagename:   \SystemRoot\system32\dla\tfsnifs.sys
Name:      (null)
Version:   (null)
Company:   Sonic Solutions
File Version:   1.04.08a
Description:   Drive Letter Access Component
Possible path:   C:\WINDOWS\system32\dla\tfsnifs.sys
Signed:      > NO! <



125 >\Driver\mfehidkRec            8A7D0960 mfehidk.sys       
126 \FileSystem\tfsnudfa           87B655E0 tfsnudfa.sys     
127 \FileSystem\tfsnudf            87B59A10 tfsnudf.sys       
128 \FileSystem\Cdfs               87B3F640 Cdfs.SYS         
128 >\FileSystem\FltMgr            8A713B20 fltmgr.sys       
75 >\Driver\mfehidkMgr            8A7D0960 mfehidk.sys       
129 \FileSystem\tfsnpool           879F45E8 tfsnpool.sys     
75 \FileSystem\FltMgr             8A713B20 fltmgr.sys       
75 >\Driver\mfehidkMgr            8A7D0960 mfehidk.sys       
130 \FileSystem\MRxDAV             8A414250 mrxdav.sys       
131 \FileSystem\tfsncofs           879F4358 tfsncofs.sys     
132 \Driver\sysaudio               87465B38 sysaudio.sys     
21:21:16 - Performing check: "Patched modules":
Module information:

Idx Base     Size     Module           Service          Pre Sig Patched
000 804D7000 0020D000 ntkrnlpa.exe                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
The code of MmUnmapViewOfSection at 805B2DF4 (28) got patched. Here is the diff:
Address   New-Original
805B2DF4: E9 - 8B 
805B2DF5: 07 - FF 
805B2DF6: 2F - 55 
805B2DF7: 8D - 8B 
--> JMP DWORD PTR DS:[B9E85D00]
Disassembly old code:
805B2DF4: 8BFF         MOV EDI, EDI
805B2DF6: 55           PUSH EBP

Disassembly new code:
805B2DF4: E9 072F8D39  JMP B9E85D00
Function MmUnmapViewOfSection was patched @805B2DF4 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:27:18 PM

-------------------------------------------------------------------------------
Information for module mfehidk.sys:
-------------------------------------------------------------------------------
Index:      23
Base address:   B9E53000
Size:      0005C000
Flags:      01004000
Load count:   1
Imagename:   mfehidk.sys
Name:      SYSCORE
Version:   (null)
Company:   McAfee, Inc.
File Version:   SYSCORE.14.2.0.866.x86
Description:   McAfee Link Driver
Possible path:   C:\WINDOWS\system32\DRIVERS\mfehidk.sys
Signed:      YES


The code of NtMapViewOfSection at 805B1FE6 (0) got patched. Here is the diff:
Address   New-Original
805B1FE6: E9 - 6A 
805B1FE7: FF - 44 
805B1FE8: 3C - 68 
--> JMP DWORD PTR DS:[B9E85CEA]
Disassembly old code:
805B1FE6: 6A44         PUSH 44

Disassembly new code:
805B1FE6: E9 FF3C8D39  JMP B9E85CEA
Function NtMapViewOfSection was patched @805B1FE6 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
The code of NtOpenProcess at 805CB3FA (0) got patched. Here is the diff:
Address   New-Original
805CB3FA: E9 - 68 
805CB3FB: 19 - C4 
805CB3FC: A8 - 00 
805CB3FD: 8B - 00 
805CB3FE: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C18]
Disassembly old code:
805CB3FA: 68 C4000000  PUSH 000000C4

Disassembly new code:
805CB3FA: E9 19A88B39  JMP B9E85C18
Function NtOpenProcess was patched @805CB3FA probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
The code of NtOpenThread at 805CB686 (0) got patched. Here is the diff:
Address   New-Original
805CB686: E9 - 68 
805CB687: A1 - C0 
805CB688: A5 - 00 
805CB689: 8B - 00 
805CB68A: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C2C]
Disassembly old code:
805CB686: 68 C0000000  PUSH 000000C0

Disassembly new code:
805CB686: E9 A1A58B39  JMP B9E85C2C
Function NtOpenThread was patched @805CB686 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
The code of NtSetSecurityObject at 805C05DA (0) got patched. Here is the diff:
Address   New-Original
805C05DA: E9 - 8B 
805C05DB: E1 - FF 
805C05DC: 56 - 55 
805C05DD: 8C - 8B 
805C05DE: 39 - EC 
--> JMP DWORD PTR DS:[B9E85CC0]
Disassembly old code:
805C05DA: 8BFF         MOV EDI, EDI
805C05DC: 55           PUSH EBP
805C05DD: 8BEC         MOV EBP, ESP

Disassembly new code:
805C05DA: E9 E1568C39  JMP B9E85CC0
Function NtSetSecurityObject was patched @805C05DA probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys

001 806E4000 00020D00 hal.dll                           YES NO
002 BA5A8000 00002000 KDCOM.DLL                         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
003 BA4B8000 00003000 BOOTVID.dll                       YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
004 B9F79000 0002E000 ACPI.sys         ACPI             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
005 BA5AA000 00002000 WMILIB.SYS                        YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
006 B9F68000 00011000 pci.sys          PCI              YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
007 BA0A8000 0000A000 isapnp.sys       isapnp           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
008 BA670000 00001000 pciide.sys       PCIIde           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
009 BA328000 00007000 PCIIDEX.SYS                       YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
010 BA0B8000 0000B000 MountMgr.sys     MountMgr         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
011 B9F49000 0001F000 ftdisk.sys       Ftdisk           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
012 BA5AC000 00002000 dmload.sys       dmload           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
013 B9F23000 00026000 dmio.sys         dmio             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
014 B9F10000 00013000 nvraid.sys       nvraid           YES NO
015 BA0C8000 0000D000 CLASSPNP.SYS                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
016 BA330000 00005000 PartMgr.sys      PartMgr          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
017 BA0D8000 0000D000 VolSnap.sys      VolSnap          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
018 B9EF8000 00018000 atapi.sys        atapi            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
019 B9EE1000 00017000 nvatabus.sys     nvatabus         YES NO
020 BA0E8000 00009000 disk.sys         Disk             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
021 B9EC1000 00020000 fltmgr.sys       FltMgr           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
022 B9EAF000 00012000 sr.sys           sr               YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
023 B9E53000 0005C000 mfehidk.sys      mfehidk          YES YES
024 B9E3E000 00015000 drvmcdb.sys      drvmcdb          YES NO
025 BA0F8000 00009000 PxHelp20.sys     PxHelp20         YES YES
026 B9E27000 00017000 KSecDD.sys       KSecDD           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
027 B9E14000 00013000 WudfPf.sys       WudfPf           YES NO
028 B9D87000 0008D000 Ntfs.sys         Ntfs             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
029 B9D5A000 0002D000 NDIS.sys         NDIS             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
030 BA108000 00010000 ohci1394.sys     ohci1394         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
031 BA118000 0000E000 1394BUS.SYS                       YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
032 B9D40000 0001A000 Mup.sys          Mup              YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
033 BA228000 00010000 nic1394.sys      NIC1394          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
034 B91D3000 00009000 intelppm.sys     intelppm         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
035 B8E52000 0030D000 nv4_mini.sys     nv               YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
036 B8E3E000 00014000 VIDEOPRT.SYS                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
037 BA480000 00007000 fdc.sys          Fdc              YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
038 B91C3000 00010000 serial.sys       Serial           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
039 BA5A4000 00004000 serenum.sys      serenum          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
040 BA488000 00005000 usbohci.sys      usbohci          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
041 B8E1A000 00024000 USBPORT.SYS                       YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
042 BA490000 00008000 usbehci.sys      usbehci          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
043 BA2B8000 0000B000 imapi.sys        Imapi            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
044 BA666000 00002000 sscdbhk5.sys     sscdbhk5         YES NO
045 BA2C8000 00010000 cdrom.sys        Cdrom            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
046 BA2D8000 0000F000 redbook.sys      redbook          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
047 B8DF7000 00023000 ks.sys                            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
048 BA498000 00006000 GEARAspiWDM.sys  GEARAspiWDM      YES YES
049 B8D8B000 0006C000 ctaud2k.sys      ctaud2k          YES NO
050 B8D67000 00024000 portcls.sys                       YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
051 BA2E8000 0000F000 drmk.sys                          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
052 B8D35000 00032000 ctoss2k.sys      ossrv            YES NO
053 B8D11000 00024000 mfeavfk.sys      mfeavfk          YES YES
054 B8CC6000 0004B000 mfefirek.sys     mfefirek         YES YES
055 BA4A0000 00008000 ctprxy2k.sys     ctprxy2k         YES NO
056 BA2F8000 0000F000 IntelC53.sys     IntelC53         YES NO
057 B8B9F000 00127000 IntelC51.sys     IntelC51         YES NO
058 B8B0A000 00095000 IntelC52.sys     IntelC52         YES NO
059 BA4A8000 00006000 mohfilt.sys      mohfilt          YES NO
060 BA4B0000 00008000 Modem.SYS        Modem            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
061 B9CF3000 00004000 nvnetbus.sys     nvnetbus         YES NO
062 B8AC4000 00046000 NVNRM.SYS                         YES NO
063 B8A90000 00034000 NVSNPU.SYS                        YES NO
064 BA6BB000 00001000 audstub.sys      audstub          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
065 B8A7C000 00014000 mfendisk.sys     mfendisk         YES YES
066 BA308000 0000D000 rasl2tp.sys      Rasl2tp          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
067 B9CEB000 00003000 ndistapi.sys     NdisTapi         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
068 B8A65000 00017000 ndiswan.sys      NdisWan          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
069 BA318000 0000B000 raspppoe.sys     RasPppoe         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
070 BA138000 0000C000 raspptp.sys      PptpMiniport     YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
071 BA340000 00005000 TDI.SYS                           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
072 B8A54000 00011000 psched.sys       PSched           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
073 BA148000 00009000 msgpc.sys        Gpc              YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
074 BA358000 00005000 ptilink.sys      Ptilink          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
075 BA360000 00005000 raspti.sys       Raspti           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
076 BA368000 00006000 wanatw4.sys      wanatw           YES NO
077 B8A24000 00030000 rdpdr.sys        rdpdr            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
078 BA158000 0000A000 termdd.sys       TermDD           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
079 BA370000 00006000 kbdclass.sys     Kbdclass         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
080 BA380000 00006000 mouclass.sys     Mouclass         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
081 BA66A000 00002000 swenum.sys       swenum           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
082 B899E000 0005E000 update.sys       Update           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
083 BA560000 00004000 mssmbios.sys     mssmbios         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
084 BA168000 00009000 NVENETFD.sys     NVENETFD         YES NO
085 BA178000 0000A000 NDProxy.SYS      NDProxy          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
086 BA1D8000 0000F000 usbhub.sys       usbhub           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
087 BA5B2000 00002000 USBD.SYS                          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
088 B9C3C000 00004000 MODEMCSA.sys     MODEMCSA         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
089 B5703000 00110000 ha20x2k.sys      ha20x2k          YES NO
090 B56D6000 0002D000 emupia2k.sys     emupia           YES NO
091 B566F000 00027000 ctsfm2k.sys      ctsfm2k          YES NO
092 B55D3000 0009C000 ctac32k.sys      ctac32k          YES NO
093 B5DAC000 00005000 flpydisk.sys     Flpydisk         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
094 B8A00000 00003000 i2omgmt.SYS      i2omgmt          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
095 BA6FB000 00001000 Cdr4_xp.SYS      Cdr4_xp          YES NO
096 BA7B1000 00001000 Cdralw2k.SYS     Cdralw2k         YES NO
097 BA602000 00002000 Fs_Rec.SYS       Fs_Rec           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
098 BA7B2000 00001000 Null.SYS         Null             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
099 BA604000 00002000 Beep.SYS         Beep             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
100 B5D8C000 00006000 ssrtln.sys       ssrtln           YES NO
101 B50FA000 00007000 HIDPARSE.SYS                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
102 B50F2000 00006000 vga.sys          VgaSave          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
103 BA606000 00002000 mnmdd.SYS        mnmdd            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
104 BA608000 00002000 RDPCDD.sys       RDPCDD           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
105 B50EA000 00005000 Msfs.SYS         Msfs             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
106 B50E2000 00008000 Npfs.SYS         Npfs             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
107 B8992000 00003000 rasacd.sys       RasAcd           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
108 B2D0D000 00013000 ipsec.sys        IPSec            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
109 B2CB4000 00059000 tcpip.sys        Tcpip            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
110 B29D9000 00013000 mfetdi2k.sys     mfetdi2k         YES YES
111 B1D33000 00026000 ipnat.sys        IpNat            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
112 B1CE3000 00028000 netbt.sys        NetBT            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
113 B5ED0000 00009000 wanarp.sys       Wanarp           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
114 B1CC1000 00022000 afd.sys          AFD              YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
115 B5EC0000 00009000 netbios.sys      NetBIOS          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
116 B5EB0000 0000F000 arp1394.sys      Arp1394          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
117 B1C96000 0002B000 rdbss.sys        Rdbss            YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
118 B1C26000 00070000 mrxsmb.sys       MRxSmb           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
119 B5EA0000 0000B000 Fips.SYS         Fips             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
120 B5E7C000 00003000 hidusb.sys       HidUsb           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
121 B5E80000 00009000 HIDCLASS.SYS                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
122 B3766000 00007000 USBSTOR.SYS      USBSTOR          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
123 B35ED000 00003000 mouhid.sys       mouhid           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
124 B35D5000 00004000 kbdhid.sys       kbdhid           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
125 AAFD7000 00024000 Fastfat.SYS      Fastfat          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
126 AAFC4000 00013000 dump_nvraid.sys                   NO  NO
127 B12DE000 0000D000 dump_CLASSPNP.SYS                  NO  NO
128 BF800000 001C4000 win32k.sys                        YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
129 B35D9000 00003000 Dxapi.sys                         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
130 B50DA000 00005000 watchdog.sys                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
131 BF000000 00012000 dxg.sys                           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
132 BA6FE000 00001000 dxgthk.sys                        YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
133 BF012000 003BB000 nv4_disp.dll                      YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
134 BFFA0000 00046000 ATMFD.DLL                         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
135 AFAA9000 0000A000 drvnddm.sys      drvnddm          YES NO
136 BA7D2000 00001000 tfsndres.sys     tfsndres         YES NO
137 AA00D000 00016000 tfsnifs.sys      tfsnifs          YES NO
138 ABC1E000 00004000 tfsnopio.sys     tfsnopio         YES NO
139 B07D6000 00002000 tfsnpool.sys     tfsnpool         YES NO
140 B50D2000 00007000 tfsnboio.sys     tfsnboio         YES NO
141 AFA99000 00009000 tfsncofs.sys     tfsncofs         YES NO
142 BA7E9000 00001000 tfsndrct.sys     tfsndrct         YES NO
143 A9FF4000 00019000 tfsnudf.sys      tfsnudf          YES NO
144 A9FDB000 00019000 tfsnudfa.sys     tfsnudfa         YES NO
145 B1D2B000 00004000 ndisuio.sys      Ndisuio          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
146 A97AE000 0002D000 mrxdav.sys       MRxDAV           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
147 A979D000 00011000 adfs.SYS         adfs             YES YES
148 BA5D4000 00002000 dsunidrv.sys     dsunidrv         YES NO
149 A975C000 00041000 HTTP.sys         HTTP             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
150 A9606000 00016000 mfeapfk.sys      mfeapfk          YES YES
151 B3282000 0000B000 mfebopk.sys      mfebopk          YES YES
152 AFAD9000 00010000 Cdfs.SYS         Cdfs             YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
153 BA5B6000 00002000 DSproct.sys      DSproct          YES NO
154 A9458000 00004000 sdthlpr.sys      SDTHelper        YES NO
155 AFA79000 0000F000 sysaudio.sys     sysaudio         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
156 BA616000 00002000 splitter.sys     (null)           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
157 A82D1000 00023000 aec.sys          (null)           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
158 B3232000 0000E000 swmidi.sys       (null)           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
159 A8364000 0000D000 DMusic.sys       DMusic           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
160 A82A6000 0002B000 kmixer.sys       kmixer           YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
161 AB191000 00001000 drmkaud.sys      drmkaud          YES NO WARNING: SYSTEM FILE IS NOT SIGNED!
162 7C900000 000B2000 ntdll.dll                         YES NO WARNING: SYSTEM FILE IS NOT SIGNED!

Number of Module Table entries patched = 1
21:21:33 - Performing check: "SDT hooks":
Found KiServiceTable @ 8055C700

  0 ZwAcceptConnectPort                                   805A45F6
  1 ZwAccessCheck                                         805F0AD8
  2 ZwAccessCheckAndAuditAlarm                            805F430E
  3 ZwAccessCheckByType                                   805F0B0A
  4 ZwAccessCheckByTypeAndAuditAlarm                      805F4348
  5 ZwAccessCheckByTypeResultList                         805F0B40
  6 ZwAccessCheckByTypeResultListAndAuditAlarm            805F438C
  7 ZwAccessCheckByTypeResultListAndAuditAlarmByHandle    805F43D0
  8 ZwAddAtom                                             806153D4
  9 ZwAddBootEntry                                        80616108
 10 ZwAdjustGroupsToken                                   805EBEBE
 11 ZwAdjustPrivilegesToken                               805EBB16
 12 ZwAlertResumeThread                                   805D4B1E
 13 ZwAlertThread                                         805D4ACE
 14 ZwAllocateLocallyUniqueId                             806159FA
 15 ZwAllocateUserPhysicalPages                           805B5F62
 16 ZwAllocateUuids                                       80615016
 17 ZwAllocateVirtualMemory                               805A8A80
 18 ZwAreMappedFilesTheSame                               805B0576
 19 ZwAssignProcessToJobObject                            805D65E2
 20 ZwCallbackReturn                                      8050189C
 21 ZwCancelDeviceWakeupRequest                           805C861C
 22 ZwCancelIoFile                                        80576AE6
 23 ZwCancelTimer                                         80538BEE
 24 ZwClearEvent                                          8060E5E4
 25 ZwClose                                               805BC4DC
 26 ZwCloseObjectAuditAlarm                               805F4848
 27 ZwCompactKeys                                         80623398
 28 ZwCompareTokens                                       805F8D5C
 29 ZwCompleteConnectPort                                 805A4CE4
 30 ZwCompressKey                                         806235EC
 31 ZwConnectPort                                         805A4596
 32 ZwContinue                                            80544EA4
 33 ZwCreateDebugObject                                   80642132
 34 ZwCreateDirectoryObject                               805BE48C
 35 ZwCreateEvent                                         8060E634
 36 ZwCreateEventPair                                     8061697E
 37 ZwCreateFile                                          80579084
 38 ZwCreateIoCompletion                                  80578A62
 39 ZwCreateJobObject                                     805D55A6
 40 ZwCreateJobSet                                        805D52DE
The code of ZwCreateKey at 806237C8 (0) got patched. Here is the diff:
Address   New-Original
806237C8: E9 - 68 
806237C9: 87 - C8 
806237CA: 24 - 00 
806237CB: 86 - 00 
806237CC: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C54]
Disassembly old code:
806237C8: 68 C8000000  PUSH 000000C8

Disassembly new code:
806237C8: E9 87248639  JMP B9E85C54
 41 ZwCreateKey                             --[PATCHED]-- 806237C8  @806237C8 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
 42 ZwCreateMailslotFile                                  80579192
 43 ZwCreateMutant                                        80616D76
 44 ZwCreateNamedPipeFile                                 805790BE
 45 ZwCreatePagingFile                                    805AB9B4
 46 ZwCreatePort                                          805A50B2
 47 ZwCreateProcess                                       805D11EA
 48 ZwCreateProcessEx                                     805D1134
 49 ZwCreateProfile                                       80617196
 50 ZwCreateSection                                       805AB38E
 51 ZwCreateSemaphore                                     80614734
 52 ZwCreateSymbolicLinkObject                            805C39A6
 53 ZwCreateThread                                        805D0FD2
 54 ZwCreateTimer                                         80616646
 55 ZwCreateToken                                         805F9104
 56 ZwCreateWaitablePort                                  805A50D6
 57 ZwDebugActiveProcess                                  8064320E
 58 ZwDebugContinue                                       8064335E
 59 ZwDelayExecution                                      80616058
 60 ZwDeleteAtom                                          8061588A
 61 ZwDeleteBootEntry                                     805C861C
 62 ZwDeleteFile                                          80576C2C
The code of ZwDeleteKey at 80623C64 (0) got patched. Here is the diff:
Address   New-Original
80623C64: E9 - 6A 
80623C65: FF - 38 
80623C66: 1F - 68 
--> JMP DWORD PTR DS:[B9E85C68]
Disassembly old code:
80623C64: 6A38         PUSH 38

Disassembly new code:
80623C64: E9 FF1F8639  JMP B9E85C68
 63 ZwDeleteKey                             --[PATCHED]-- 80623C64  @80623C64 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
 64 ZwDeleteObjectAuditAlarm                              805F4954
The code of ZwDeleteValueKey at 80623E34 (0) got patched. Here is the diff:
Address   New-Original
80623E34: E9 - 6A 
80623E35: 5B - 48 
80623E36: 1E - 68 
--> JMP DWORD PTR DS:[B9E85C94]
Disassembly old code:
80623E34: 6A48         PUSH 48

Disassembly new code:
80623E34: E9 5B1E8639  JMP B9E85C94
 65 ZwDeleteValueKey                        --[PATCHED]-- 80623E34  @80623E34 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
 66 ZwDeviceIoControlFile                                 8057924A
 67 ZwDisplayString                                       806126B2
 68 ZwDuplicateObject                                     805BDFB4
 69 ZwDuplicateToken                                      805ECD6C
 70 ZwEnumerateBootEntries                                80616108
 71 ZwEnumerateKey                                        80624014
 72 ZwEnumerateSystemEnvironmentValuesEx                  806160FA
 73 ZwEnumerateValueKey                                   8062427E
 74 ZwExtendSection                                       805B3C82
 75 ZwFilterToken                                         805ECF18
 76 ZwFindAtom                                            8061563E
 77 ZwFlushBuffersFile                                    80576CF8
 78 ZwFlushInstructionCache                               805B67F6
 79 ZwFlushKey                                            806244E8
 80 ZwFlushVirtualMemory                                  805AC6C8
 81 ZwFlushWriteBuffer                                    805B6798
 82 ZwFreeUserPhysicalPages                               805B6304
 83 ZwFreeVirtualMemory                                   805B2F5E
 84 ZwFsControlFile                                       8057927E
 85 ZwGetContextThread                                    805D14E4
 86 ZwGetDevicePowerState                                 805C863E
 87 ZwGetPlugPlayEvent                                    80599116
 88 ZwGetWriteWatch                                       80521196
 89 ZwImpersonateAnonymousToken                           805F8A50
 90 ZwImpersonateClientOfPort                             805A5140
 91 ZwImpersonateThread                                   805D77A2
 92 ZwInitializeRegistry                                  8062190A
 93 ZwInitiatePowerAction                                 805C8416
 94 ZwIsProcessInJob                                      805D51A2
 95 ZwIsSystemResumeAutomatic                             805C862A
 96 ZwListenPort                                          805A534C
 97 ZwLoadDriver                                          8058413A
 98 ZwLoadKey                                             806259EC
 99 ZwLoadKey2                                            806255F8
100 ZwLockFile                                            805792B2
101 ZwLockProductActivationKeys                           80612CA4
102 ZwLockRegistryKey                                     80623698
103 ZwLockVirtualMemory                                   805B68FE
104 ZwMakePermanentObject                                 805BE282
105 ZwMakeTemporaryObject                                 805BC580
106 ZwMapUserPhysicalPages                                805B53C2
107 ZwMapUserPhysicalPagesScatter                         805B5912
The code of ZwMapViewOfSection at 805B1FE6 (0) got patched. Here is the diff:
Address   New-Original
805B1FE6: E9 - 6A 
805B1FE7: FF - 44 
805B1FE8: 3C - 68 
--> JMP DWORD PTR DS:[B9E85CEA]
Disassembly old code:
805B1FE6: 6A44         PUSH 44

Disassembly new code:
805B1FE6: E9 FF3C8D39  JMP B9E85CEA
108 ZwMapViewOfSection                      --[PATCHED]-- 805B1FE6  @805B1FE6 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
109 ZwModifyBootEntry                                     805C861C
110 ZwNotifyChangeDirectoryFile                           80579ECA
111 ZwNotifyChangeKey                                     806259B6
112 ZwNotifyChangeMultipleKeys                            806245EA
113 ZwOpenDirectoryObject                                 805BE55E
114 ZwOpenEvent                                           8060E734
115 ZwOpenEventPair                                       80616A56
116 ZwOpenFile                                            8057A182
117 ZwOpenIoCompletion                                    80578B3A
118 ZwOpenJobObject                                       805D572C
The code of ZwOpenKey at 80624BA6 (0) got patched. Here is the diff:
Address   New-Original
80624BA6: E9 - 68 
80624BA7: 95 - BC 
80624BA8: 10 - 00 
80624BA9: 86 - 00 
80624BAA: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C40]
Disassembly old code:
80624BA6: 68 BC000000  PUSH 000000BC

Disassembly new code:
80624BA6: E9 95108639  JMP B9E85C40
119 ZwOpenKey                               --[PATCHED]-- 80624BA6  @80624BA6 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
120 ZwOpenMutant                                          80616E4E
121 ZwOpenObjectAuditAlarm                                805F4416
The code of ZwOpenProcess at 805CB3FA (0) got patched. Here is the diff:
Address   New-Original
805CB3FA: E9 - 68 
805CB3FB: 19 - C4 
805CB3FC: A8 - 00 
805CB3FD: 8B - 00 
805CB3FE: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C18]
Disassembly old code:
805CB3FA: 68 C4000000  PUSH 000000C4

Disassembly new code:
805CB3FA: E9 19A88B39  JMP B9E85C18
122 ZwOpenProcess                           --[PATCHED]-- 805CB3FA  @805CB3FA probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
123 ZwOpenProcessToken                                    805ED706
124 ZwOpenProcessTokenEx                                  805ED36A
125 ZwOpenSection                                         805AA3B2
126 ZwOpenSemaphore                                       8061482E
127 ZwOpenSymbolicLinkObject                              805C3B8C
The code of ZwOpenThread at 805CB686 (0) got patched. Here is the diff:
Address   New-Original
805CB686: E9 - 68 
805CB687: A1 - C0 
805CB688: A5 - 00 
805CB689: 8B - 00 
805CB68A: 39 - 00 
--> JMP DWORD PTR DS:[B9E85C2C]
Disassembly old code:
805CB686: 68 C0000000  PUSH 000000C0
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:28:05 PM


Disassembly new code:
805CB686: E9 A1A58B39  JMP B9E85C2C
128 ZwOpenThread                            --[PATCHED]-- 805CB686  @805CB686 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
129 ZwOpenThreadToken                                     805ED724
130 ZwOpenThreadTokenEx                                   805ED4DA
131 ZwOpenTimer                                           80616768
132 ZwPlugPlayControl                                     80645400
133 ZwPowerInformation                                    805C94AC
134 ZwPrivilegeCheck                                      805F7B02
135 ZwPrivilegeObjectAuditAlarm                           805F3728
136 ZwPrivilegedServiceAuditAlarm                         805F3914
137 ZwProtectVirtualMemory                                805B83CA
138 ZwPulseEvent                                          8060E7EC
139 ZwQueryAttributesFile                                 80576ED6
140 ZwQueryBootEntryOrder                                 80616108
141 ZwQueryBootOptions                                    80616108
142 ZwQueryDebugFilterState                               8053FBD6
143 ZwQueryDefaultLocale                                  806103DE
144 ZwQueryDefaultUILanguage                              8061103E
145 ZwQueryDirectoryFile                                  80579E64
146 ZwQueryDirectoryObject                                805BE5FE
147 ZwQueryEaFile                                         8057A1B2
148 ZwQueryEvent                                          8060E8B4
149 ZwQueryFullAttributesFile                             8057702A
150 ZwQueryInformationAtom                                806158B2
151 ZwQueryInformationFile                                8057AA1E
152 ZwQueryInformationJobObject                           805D5BFE
153 ZwQueryInformationPort                                805A53AA
154 ZwQueryInformationProcess                             805CCF4E
155 ZwQueryInformationThread                              805CBB7C
156 ZwQueryInformationToken                               805ED804
157 ZwQueryInstallUILanguage                              806107DC
158 ZwQueryIntervalProfile                                80617618
159 ZwQueryIoCompletion                                   80578BE2
160 ZwQueryKey                                            80624EE8
161 ZwQueryMultipleValueKey                               80622916
162 ZwQueryMutant                                         80616EF6
163 ZwQueryObject                                         805C5278
164 ZwQueryOpenSubKeys                                    80622FC2
165 ZwQueryPerformanceCounter                             806176A6
166 ZwQueryQuotaInformationFile                           8057B800
167 ZwQuerySection                                        805B858C
168 ZwQuerySecurityObject                                 805C0046
169 ZwQuerySemaphore                                      806148E6
170 ZwQuerySymbolicLinkObject                             805C3C2C
171 ZwQuerySystemEnvironmentValue                         80616124
172 ZwQuerySystemEnvironmentValueEx                       806160EC
173 ZwQuerySystemInformation                              806110BE
174 ZwQuerySystemTime                                     8061287E
175 ZwQueryTimer                                          80616820
176 ZwQueryTimerResolution                                80612910
177 ZwQueryValueKey                                       806219EC
178 ZwQueryVirtualMemory                                  805B8C1A
179 ZwQueryVolumeInformationFile                          8057BCEA
180 ZwQueueApcThread                                      805D1230
181 ZwRaiseException                                      80544EEC
182 ZwRaiseHardError                                      80614558
183 ZwReadFile                                            8057C48A
184 ZwReadFileScatter                                     8057C9F4
185 ZwReadRequestData                                     805A5E32
186 ZwReadVirtualMemory                                   805B426E
187 ZwRegisterThreadTerminatePort                         805D2738
188 ZwReleaseMutant                                       8061702E
189 ZwReleaseSemaphore                                    80614A16
190 ZwRemoveIoCompletion                                  80578EDA
191 ZwRemoveProcessDebug                                  806432DE
The code of ZwRenameKey at 806231EA (0) got patched. Here is the diff:
Address   New-Original
806231EA: E9 - 6A 
806231EB: 8F - 34 
806231EC: 2A - 68 
--> JMP DWORD PTR DS:[B9E85C7E]
Disassembly old code:
806231EA: 6A34         PUSH 34

Disassembly new code:
806231EA: E9 8F2A8639  JMP B9E85C7E
192 ZwRenameKey                             --[PATCHED]-- 806231EA  @806231EA probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
193 ZwReplaceKey                                          8062589C
194 ZwReplyPort                                           805A54B2
195 ZwReplyWaitReceivePort                                805A647A
196 ZwReplyWaitReceivePortEx                              805A5E82
197 ZwReplyWaitReplyPort                                  805A579C
198 ZwRequestDeviceWakeup                                 805C85AE
199 ZwRequestPort                                         805A2A10
200 ZwRequestWaitReplyPort                                805A2D3C
201 ZwRequestWakeupLatency                                805C83BC
202 ZwResetEvent                                          8060E9C6
203 ZwResetWriteWatch                                     8052167E
204 ZwRestoreKey                                          806251A8
205 ZwResumeProcess                                       805D4A78
206 ZwResumeThread                                        805D495A
207 ZwSaveKey                                             806252A4
208 ZwSaveKeyEx                                           8062538A
209 ZwSaveMergedKeys                                      806254B2
210 ZwSecureConnectPort                                   805A3D2A
211 ZwSetBootEntryOrder                                   80616108
212 ZwSetBootOptions                                      80616108
213 ZwSetContextThread                                    805D16F4
214 ZwSetDebugFilterState                                 80645F96
215 ZwSetDefaultHardErrorPort                             80614402
216 ZwSetDefaultLocale                                    8061052E
217 ZwSetDefaultUILanguage                                80610DA0
218 ZwSetEaFile                                           8057A6C6
219 ZwSetEvent                                            8060EA86
220 ZwSetEventBoostPriority                               8060EB50
221 ZwSetHighEventPair                                    80616D12
222 ZwSetHighWaitLowEventPair                             80616C42
223 ZwSetInformationDebugObject                           80642CA8
224 ZwSetInformationFile                                  8057B010
225 ZwSetInformationJobObject                             805D690C
226 ZwSetInformationKey                                   806224E2
227 ZwSetInformationObject                                805C47EE
228 ZwSetInformationProcess                               805CDE44
229 ZwSetInformationThread                                805CC0C8
230 ZwSetInformationToken                                 805F9E7E
231 ZwSetIntervalProfile                                  8061717A
232 ZwSetIoCompletion                                     80578E78
233 ZwSetLdtEntries                                       805D38A4
234 ZwSetLowEventPair                                     80616CAE
235 ZwSetLowWaitHighEventPair                             80616BD6
236 ZwSetQuotaInformationFile                             8057B7DE
The code of ZwSetSecurityObject at 805C05DA (0) got patched. Here is the diff:
Address   New-Original
805C05DA: E9 - 8B 
805C05DB: E1 - FF 
805C05DC: 56 - 55 
805C05DD: 8C - 8B 
805C05DE: 39 - EC 
--> JMP DWORD PTR DS:[B9E85CC0]
Disassembly old code:
805C05DA: 8BFF         MOV EDI, EDI
805C05DC: 55           PUSH EBP
805C05DD: 8BEC         MOV EBP, ESP

Disassembly new code:
805C05DA: E9 E1568C39  JMP B9E85CC0
237 ZwSetSecurityObject                     --[PATCHED]-- 805C05DA  @805C05DA probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
238 ZwSetSystemEnvironmentValue                           806163A8
239 ZwSetSystemEnvironmentValueEx                         806160EC
240 ZwSetSystemInformation                                8060F3EC
241 ZwSetSystemPowerState                                 80652E18
242 ZwSetSystemTime                                       80613B86
243 ZwSetThreadExecutionState                             805C82D0
244 ZwSetTimer                                            80538D7E
245 ZwSetTimerResolution                                  80613058
246 ZwSetUuidSeed                                         80614ECC
The code of ZwSetValueKey at 80621D3A (0) got patched. Here is the diff:
Address   New-Original
80621D3A: E9 - 6A 
80621D3B: 6B - 5C 
80621D3C: 3F - 68 
--> JMP DWORD PTR DS:[B9E85CAA]
Disassembly old code:
80621D3A: 6A5C         PUSH 5C

Disassembly new code:
80621D3A: E9 6B3F8639  JMP B9E85CAA
247 ZwSetValueKey                           --[PATCHED]-- 80621D3A  @80621D3A probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
248 ZwSetVolumeInformationFile                            8057C0F4
249 ZwShutdownSystem                                      80612676
250 ZwSignalAndWaitForSingleObject                        80526774
251 ZwStartProfile                                        806173C4
252 ZwStopProfile                                         8061756E
253 ZwSuspendProcess                                      805D4A22
254 ZwSuspendThread                                       805D4894
255 ZwSystemDebugControl                                  80617792
256 ZwTerminateJobObject                                  805D74A0
The code of ZwTerminateProcess at 805D2982 (0) got patched. Here is the diff:
Address   New-Original
805D2982: E9 - 8B 
805D2983: 8D - FF 
805D2984: 33 - 55 
805D2986: 39 - EC 
--> JMP DWORD PTR DS:[B9E85D14]
Disassembly old code:
805D2982: 8BFF         MOV EDI, EDI
805D2984: 55           PUSH EBP
805D2985: 8BEC         MOV EBP, ESP

Disassembly new code:
805D2982: E9 8D338B39  JMP B9E85D14
257 ZwTerminateProcess                      --[PATCHED]-- 805D2982  @805D2982 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
258 ZwTerminateThread                                     805D2B7C
259 ZwTestAlert                                           805D4BE2
260 ZwTraceEvent                                          80535114
261 ZwTranslateFilePath                                   80616116
262 ZwUnloadDriver                                        805842CE
263 ZwUnloadKey                                           80622064
264 ZwUnloadKeyEx                                         80622286
265 ZwUnlockFile                                          80579656
266 ZwUnlockVirtualMemory                                 805B6E8C
The code of ZwUnmapViewOfSection at 805B2DF4 (0) got patched. Here is the diff:
Address   New-Original
805B2DF4: E9 - 8B 
805B2DF5: 07 - FF 
805B2DF6: 2F - 55 
805B2DF7: 8D - 8B 
805B2DF8: 39 - EC 
--> JMP DWORD PTR DS:[B9E85D00]
Disassembly old code:
805B2DF4: 8BFF         MOV EDI, EDI
805B2DF6: 55           PUSH EBP
805B2DF7: 8BEC         MOV EBP, ESP

Disassembly new code:
805B2DF4: E9 072F8D39  JMP B9E85D00
267 ZwUnmapViewOfSection                    --[PATCHED]-- 805B2DF4  @805B2DF4 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
268 ZwVdmControl                                          805FB236
269 ZwWaitForDebugEvent                                   80642A10
270 ZwWaitForMultipleObjects                              805C0790
271 ZwWaitForSingleObject                                 805C06A6
272 ZwWaitHighEventPair                                   80616B72
273 ZwWaitLowEventPair                                    80616B0E
274 ZwWriteFile                                           8057CEF2
275 ZwWriteFileGather                                     8057D4D6
276 ZwWriteRequestData                                    805A5E5A
277 ZwWriteVirtualMemory                                  805B4378
The code of ZwYieldExecution at 80504AF4 (0) got patched. Here is the diff:
Address   New-Original
80504AF4: E9 - 83 
80504AF5: DB - 3D 
80504AFA: 90 - 00 
--> JMP DWORD PTR DS:[B9E85CD4]
Disassembly old code:
80504AF4: 833D88CE4700 00 CMP DWORD PTR DS:[0047CE88],00H

Disassembly new code:
80504AF4: E9 DB119839  JMP B9E85CD4
80504AF9: 90           NOP
278 ZwYieldExecution                        --[PATCHED]-- 80504AF4  @80504AF4 probably by C:\WINDOWS\system32\DRIVERS\mfehidk.sys
279 ZwCreateKeyedEvent                                    80617BEA
280 ZwOpenKeyedEvent                                      80617CD4
281 ZwReleaseKeyedEvent                                   80617D86
282 ZwWaitForKeyedEvent                                   80617FE2
283 ZwQueryPortInformationProcess                         805CB8FC

Number of Service Table entries hooked = 0
Number of Service Table entries patched = 13
21:21:37 - Performing check: "IDT hooks":
IDT offset in kernel: 0x05E8AF54
IDT address: 0x8003F400 (phys.: 0x018AF400)

INT#    SegType DPL ISR
000(00) IntG32   00  0008:805421C0
001(01) IntG32   00  0008:8054233C
002(02) TaskG32  00  0058:805528A6
003(03) IntG32   03  0008:80542750
004(04) IntG32   03  0008:805428D0
005(05) IntG32   00  0008:80542A30
006(06) IntG32   00  0008:80542BA4
007(07) IntG32   00  0008:8054321C
008(08) TaskG32  00  0050:80552898
009(09) IntG32   00  0008:80543620
010(0A) IntG32   00  0008:80543740
011(0B) IntG32   00  0008:80543880
012(0C) IntG32   00  0008:80543AE0
013(0D) IntG32   00  0008:80543DCC
014(0E) IntG32   00  0008:805444E0
015(0F) IntG32   00  0008:80544818
016(10) IntG32   00  0008:80544938
017(11) IntG32   00  0008:80544A74
018(12) TaskG32  00  00A0:0ACF7918 (hooked) 
019(13) IntG32   00  0008:80544BDC
020(14) IntG32   00  0008:80544818
021(15) IntG32   00  0008:80544818
022(16) IntG32   00  0008:80544818
023(17) IntG32   00  0008:80544818
024(18) IntG32   00  0008:80544818
025(19) IntG32   00  0008:80544818
026(1A) IntG32   00  0008:80544818
027(1B) IntG32   00  0008:80544818
028(1C) IntG32   00  0008:80544818
029(1D) IntG32   00  0008:80544818
030(1E) IntG32   00  0008:80544818
031(1F) IntG32   00  0008:806E610C
032(20) Not present
033(21) Not present
034(22) Not present
035(23) Not present
036(24) Not present
037(25) Not present
038(26) Not present
039(27) Not present
040(28) Not present
041(29) Not present
042(2A) IntG32   03  0008:805419EE
043(2B) IntG32   03  0008:80541AF0
044(2C) IntG32   03  0008:80541CA0
045(2D) IntG32   03  0008:8054262C
046(2E) IntG32   03  0008:80541471
047(2F) IntG32   00  0008:80544818
048(30) IntG32   00  0008:80540B30
049(31) IntG32   00  0008:80540B3A
050(32) IntG32   00  0008:80540B44
051(33) IntG32   00  0008:80540B4E
052(34) IntG32   00  0008:80540B58
053(35) IntG32   00  0008:80540B62
054(36) IntG32   00  0008:80540B6C
055(37) IntG32   00  0008:806E5864
056(38) IntG32   00  0008:80540B80
057(39) IntG32   00  0008:80540B8A
058(3A) IntG32   00  0008:80540B94
059(3B) IntG32   00  0008:80540B9E
060(3C) IntG32   00  0008:80540BA8
061(3D) IntG32   00  0008:806E6E2C
062(3E) IntG32   00  0008:80540BBC
063(3F) IntG32   00  0008:80540BC6
064(40) IntG32   00  0008:80540BD0
065(41) IntG32   00  0008:806E6C88
066(42) IntG32   00  0008:80540BE4
067(43) IntG32   00  0008:80540BEE
068(44) IntG32   00  0008:80540BF8
069(45) IntG32   00  0008:80540C02
070(46) IntG32   00  0008:80540C0C
071(47) IntG32   00  0008:80540C16
072(48) IntG32   00  0008:80540C20
073(49) IntG32   00  0008:80540C2A
074(4A) IntG32   00  0008:80540C34
075(4B) IntG32   00  0008:80540C3E
076(4C) IntG32   00  0008:80540C48
077(4D) IntG32   00  0008:80540C52
078(4E) IntG32   00  0008:80540C5C
079(4F) IntG32   00  0008:80540C66
080(50) IntG32   00  0008:806E593C
081(51) IntG32   00  0008:80540C7A
082(52) IntG32   00  0008:80540C84
083(53) IntG32   00  0008:80540C8E
084(54) IntG32   00  0008:80540C98
085(55) IntG32   00  0008:80540CA2
086(56) IntG32   00  0008:80540CAC
087(57) IntG32   00  0008:80540CB6
088(58) IntG32   00  0008:80540CC0
089(59) IntG32   00  0008:80540CCA
090(5A) IntG32   00  0008:80540CD4
091(5B) IntG32   00  0008:80540CDE
092(5C) IntG32   00  0008:80540CE8
093(5D) IntG32   00  0008:80540CF2
094(5E) IntG32   00  0008:80540CFC
095(5F) IntG32   00  0008:80540D06
096(60) IntG32   00  0008:80540D10
097(61) IntG32   00  0008:80540D1A
098(62) IntG32   00  0008:8A7CE044 (hooked) 
099(63) IntG32   00  0008:8A7CD044 (hooked) 
100(64) IntG32   00  0008:80540D38
101(65) IntG32   00  0008:80540D42
102(66) IntG32   00  0008:80540D4C
103(67) IntG32   00  0008:80540D56
104(68) IntG32   00  0008:80540D60
105(69) IntG32   00  0008:80540D6A
106(6A) IntG32   00  0008:80540D74
107(6B) IntG32   00  0008:80540D7E
108(6C) IntG32   00  0008:80540D88
109(6D) IntG32   00  0008:80540D92
110(6E) IntG32   00  0008:80540D9C
111(6F) IntG32   00  0008:80540DA6
112(70) IntG32   00  0008:80540DB0
113(71) IntG32   00  0008:80540DBA
114(72) IntG32   00  0008:80540DC4
115(73) IntG32   00  0008:8A751BEC (hooked) 
116(74) IntG32   00  0008:80540DD8
117(75) IntG32   00  0008:80540DE2
118(76) IntG32   00  0008:80540DEC
119(77) IntG32   00  0008:80540DF6
120(78) IntG32   00  0008:80540E00
121(79) IntG32   00  0008:80540E0A
122(7A) IntG32   00  0008:80540E14
123(7B) IntG32   00  0008:80540E1E
124(7C) IntG32   00  0008:80540E28
125(7D) IntG32   00  0008:80540E32
126(7E) IntG32   00  0008:80540E3C
127(7F) IntG32   00  0008:80540E46
128(80) IntG32   00  0008:80540E50
129(81) IntG32   00  0008:80540E5A
130(82) IntG32   00  0008:80540E64
131(83) IntG32   00  0008:8A772BEC (hooked) 
132(84) IntG32   00  0008:80540E78
133(85) IntG32   00  0008:80540E82
134(86) IntG32   00  0008:80540E8C
135(87) IntG32   00  0008:80540E96
136(88) IntG32   00  0008:80540EA0
137(89) IntG32   00  0008:80540EAA
138(8A) IntG32   00  0008:80540EB4
139(8B) IntG32   00  0008:80540EBE
140(8C) IntG32   00  0008:80540EC8
141(8D) IntG32   00  0008:80540ED2
142(8E) IntG32   00  0008:80540EDC
143(8F) IntG32   00  0008:80540EE6
144(90) IntG32   00  0008:80540EF0
145(91) IntG32   00  0008:80540EFA
146(92) IntG32   00  0008:8858E1A4 (hooked) 
147(93) IntG32   00  0008:80540F0E
148(94) IntG32   00  0008:89341874 (hooked) 
149(95) IntG32   00  0008:80540F22
150(96) IntG32   00  0008:80540F2C
151(97) IntG32   00  0008:80540F36
152(98) IntG32   00  0008:80540F40
153(99) IntG32   00  0008:80540F4A
154(9A) IntG32   00  0008:80540F54
155(9B) IntG32   00  0008:80540F5E
156(9C) IntG32   00  0008:80540F68
157(9D) IntG32   00  0008:80540F72
158(9E) IntG32   00  0008:80540F7C
159(9F) IntG32   00  0008:80540F86
160(A0) IntG32   00  0008:80540F90
161(A1) IntG32   00  0008:80540F9A
162(A2) IntG32   00  0008:80540FA4
163(A3) IntG32   00  0008:80540FAE
164(A4) IntG32   00  0008:8988ABEC (hooked) 
165(A5) IntG32   00  0008:80540FC2
166(A6) IntG32   00  0008:80540FCC
167(A7) IntG32   00  0008:80540FD6
168(A8) IntG32   00  0008:80540FE0
169(A9) IntG32   00  0008:80540FEA
170(AA) IntG32   00  0008:80540FF4
171(AB) IntG32   00  0008:80540FFE
172(AC) IntG32   00  0008:80541008
173(AD) IntG32   00  0008:80541012
174(AE) IntG32   00  0008:8054101C
175(AF) IntG32   00  0008:80541026
176(B0) IntG32   00  0008:80541030
177(B1) IntG32   00  0008:8A7E067C (hooked) 
178(B2) IntG32   00  0008:80541044
179(B3) IntG32   00  0008:8054104E
180(B4) IntG32   00  0008:89882534 (hooked) 
181(B5) IntG32   00  0008:80541062
182(B6) IntG32   00  0008:8054106C
183(B7) IntG32   00  0008:80541076
184(B8) IntG32   00  0008:80541080
185(B9) IntG32   00  0008:8054108A
186(BA) IntG32   00  0008:80541094
187(BB) IntG32   00  0008:8054109E
188(BC) IntG32   00  0008:805410A8
189(BD) IntG32   00  0008:805410B2
190(BE) IntG32   00  0008:805410BC
191(BF) IntG32   00  0008:805410C6
192(C0) IntG32   00  0008:805410D0
193(C1) IntG32   00  0008:806E5AC0
194(C2) IntG32   00  0008:805410E4
195(C3) IntG32   00  0008:805410EE
196(C4) IntG32   00  0008:805410F8
197(C5) IntG32   00  0008:80541102
198(C6) IntG32   00  0008:8054110C
199(C7) IntG32   00  0008:80541116
200(C8) IntG32   00  0008:80541120
201(C9) IntG32   00  0008:8054112A
202(CA) IntG32   00  0008:80541134
203(CB) IntG32   00  0008:8054113E
204(CC) IntG32   00  0008:80541148
205(CD) IntG32   00  0008:80541152
206(CE) IntG32   00  0008:8054115C
207(CF) IntG32   00  0008:80541166
208(D0) IntG32   00  0008:80541170
209(D1) IntG32   00  0008:806E4E54
210(D2) IntG32   00  0008:80541184
211(D3) IntG32   00  0008:8054118E
212(D4) IntG32   00  0008:80541198
213(D5) IntG32   00  0008:805411A2
214(D6) IntG32   00  0008:805411AC
215(D7) IntG32   00  0008:805411B6
216(D8) IntG32   00  0008:805411C0
217(D9) IntG32   00  0008:805411CA
218(DA) IntG32   00  0008:805411D4
219(DB) IntG32   00  0008:805411DE
220(DC) IntG32   00  0008:805411E8
221(DD) IntG32   00  0008:805411F2
222(DE) IntG32   00  0008:805411FC
223(DF) IntG32   00  0008:80541206
224(E0) IntG32   00  0008:80541210
225(E1) IntG32   00  0008:806E6048
226(E2) IntG32   00  0008:80541224
227(E3) IntG32   00  0008:806E5DAC
228(E4) IntG32   00  0008:80541238
229(E5) IntG32   00  0008:80541242
230(E6) IntG32   00  0008:8054124C
231(E7) IntG32   00  0008:80541256
232(E8) IntG32   00  0008:80541260
233(E9) IntG32   00  0008:8054126A
234(EA) IntG32   00  0008:80541274
235(EB) IntG32   00  0008:8054127E
236(EC) IntG32   00  0008:80541288
237(ED) IntG32   00  0008:80541292
238(EE) IntG32   00  0008:80541299
239(EF) IntG32   00  0008:805412A0
240(F0) IntG32   00  0008:805412A7
241(F1) IntG32   00  0008:805412AE
242(F2) IntG32   00  0008:805412B5
243(F3) IntG32   00  0008:805412BC
244(F4) IntG32   00  0008:805412C3
245(F5) IntG32   00  0008:805412CA
246(F6) IntG32   00  0008:805412D1
247(F7) IntG32   00  0008:805412D8
248(F8) IntG32   00  0008:805412DF
249(F9) IntG32   00  0008:805412E6
250(FA) IntG32   00  0008:805412ED
251(FB) IntG32   00  0008:805412F4
252(FC) IntG32   00  0008:805412FB
253(FD) IntG32   00  0008:806E65A8
254(FE) IntG32   00  0008:806E6748
255(FF) IntG32   00  0008:80541310
21:21:37 - Performing check: "SYSENTER hook":
SYSENTER offset in kernel: 0x0046A540 (=0x80541540)
SYSENTER EIP: 0008:80541540  [OK]
21:21:37 - Performing check: "IAT hooks":

PID 1000  - C:\WINDOWS\System32\smss.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)

PID 1076  - C:\WINDOWS\system32\csrss.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
CSRSRV.dll          (75B40000 - 75B4B000)
basesrv.dll         (75B50000 - 75B60000)
winsrv.dll          (75B60000 - 75BAB000)
GDI32.dll           (77F10000 - 77F59000)
KERNEL32.dll        (7C800000 - 7C8F6000)
USER32.dll          (7E410000 - 7E4A1000)
sxs.dll             (7E720000 - 7E7D0000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)

PID 1100  - C:\WINDOWS\system32\winlogon.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
AUTHZ.dll           (776C0000 - 776D2000)
msvcrt.dll          (77C10000 - 77C68000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
NDdeApi.dll         (75940000 - 75948000)
PROFMAP.dll         (75930000 - 7593A000)
NETAPI32.dll        (5B860000 - 5B8B5000)
USERENV.dll         (769C0000 - 76A74000)
PSAPI.DLL           (76BF0000 - 76BFB000)
REGAPI.dll          (76BC0000 - 76BCF000)
SETUPAPI.dll        (77920000 - 77A13000)
VERSION.dll         (77C00000 - 77C08000)
WINSTA.dll          (76360000 - 76370000)
WINTRUST.dll        (76C30000 - 76C5E000)
IMAGEHLP.dll        (76C90000 - 76CB8000)
WS2_32.dll          (71AB0000 - 71AC7000)
WS2HELP.dll         (71AA0000 - 71AA8000)
IMM32.DLL           (76390000 - 763AD000)
MSGINA.dll          (75970000 - 75A68000)
COMCTL32.dll        (5D090000 - 5D12A000)
ODBC32.dll          (74320000 - 7435D000)
comdlg32.dll        (763B0000 - 763F9000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
SHLWAPI.dll         (77F60000 - 77FD6000)
comctl32.dll        (773D0000 - 774D3000)
odbcint.dll         (00970000 - 00987000)
SHSVCS.dll          (776E0000 - 77703000)
sfc.dll             (76BB0000 - 76BB5000)
sfc_os.dll          (76C60000 - 76C8A000)
ole32.dll           (774E0000 - 7761D000)
Apphelp.dll         (77B40000 - 77B62000)
msctfime.ime        (755C0000 - 755EE000)
WINSCARD.DLL        (723D0000 - 723EC000)
WTSAPI32.dll        (76F50000 - 76F58000)
sxs.dll             (7E720000 - 7E7D0000)
cscdll.dll          (76600000 - 7661D000)
dimsntfy.dll        (47020000 - 47028000)
rsaenh.dll          (68000000 - 68036000)
WlNotify.dll        (75950000 - 7596A000)
MPR.dll             (71B20000 - 71B32000)
WINMM.dll           (76B40000 - 76B6D000)
WINSPOOL.DRV        (73000000 - 73026000)
WgaLogon.dll        (01420000 - 0145C000)
OLEAUT32.dll        (77120000 - 771AB000)
NTMARTA.DLL         (77690000 - 776B1000)
SAMLIB.dll          (71BF0000 - 71C03000)
WLDAP32.dll         (76F60000 - 76F8C000)
CLBCATQ.DLL         (76FD0000 - 7704F000)
COMRes.dll          (77050000 - 77115000)
UxTheme.dll         (5AD70000 - 5ADA8000)
msv1_0.dll          (77C70000 - 77C95000)
cryptdll.dll        (76790000 - 7679C000)
iphlpapi.dll        (76D60000 - 76D79000)
AdobeDriveCS4_NP.dll(10000000 - 10013000)
pnsson.dll          (66690000 - 6669B000)
cscui.dll           (77A20000 - 77A74000)
xpsp2res.dll        (016C0000 - 01985000)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:29:46 PM

PID 1152  - C:\WINDOWS\system32\services.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
The code of NtCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 32 - 25 
7C90D0B0: 3F - 00 
7C90D0B1: 74 - 00 
7C90D0B2: 83 - 00 
7C801AF7: F4 - 68 
--> JMP DWORD PTR DS:[00040F5C]
Disassembly old code:
7C801AF5: 6A34         PUSH 34

Disassembly new code:
7C801AF5: E9 62F48383  JMP 00040F5C
Disassembly of hooker:
00040F5C: 68 25B8E9C4  PUSH C4E9B825
00040F61: E8 58D08C7C  CALL 7C90DFBE
00040F66: 58           POP EAX
00040F67: C2 0C00      RET 000C
00040F6A: C3           RET ; Pop IP
00040F6B: 1A00         SBB AL,BYTE PTR DS:[EAX]
00040F6D: 6A34         PUSH 34
00040F6F: 68 F8E0807C  PUSH 7C80E0F8
00040F74: E9 830B7C7C  JMP 7C801AFC
00040F79: 8BFF         MOV EDI, EDI
00040F7B: 55           PUSH EBP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff:
Address   New-Original
7C80AEEB: E9 - 8B 
7C80AEEC: A4 - FF 
7C80AEED: 60 - 55 
7C80AEEE: 83 - 8B 
7C80AEEF: 83 - EC 
--> JMP DWORD PTR DS:[00040F94]
Disassembly old code:
7C80AEEB: 8BFF         MOV EDI, EDI
7C80AEED: 55           PUSH EBP
7C80AEEE: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AEEB: E9 A4608383  JMP 00040F94
Disassembly of hooker:
00040F94: 68 25B8E9C4  PUSH C4E9B825
00040F99: E8 20D08C7C  CALL 7C90DFBE
00040F9E: 58           POP EAX
00040F9F: C2 0400      RET 0004
00040FA2: C3           RET ; Pop IP
00040FA3: 1800         SBB BYTE PTR DS:[EAX],AL
00040FA5: 8BFF         MOV EDI, EDI
00040FA7: 55           PUSH EBP
00040FA8: 8BEC         MOV EBP, ESP
00040FAA: E9 D10D7C7C  JMP 7C801D80
00040FAF: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff:
Address   New-Original
7C801AD4: E9 - 8B 
7C801AD5: 5D - FF 
7C801AD6: E5 - 55 
7C801AD7: 83 - 8B 
7C801AD8: 83 - EC 
--> JMP DWORD PTR DS:[00040036]
Disassembly old code:
7C801AD4: 8BFF         MOV EDI, EDI
7C801AD6: 55           PUSH EBP
7C801AD7: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801AD4: E9 5DE58383  JMP 00040036
Disassembly of hooker:
00040036: 68 25B8E9C4  PUSH C4E9B825
0004003B: E8 7EDF8C7C  CALL 7C90DFBE
00040040: 58           POP EAX
00040041: C2 1000      RET 0010
00040044: C3           RET ; Pop IP
00040045: 1B00         SBB EAX,DWORD PTR DS:[EAX]
00040047: 8BFF         MOV EDI, EDI
00040049: 55           PUSH EBP
0004004A: 8BEC         MOV EBP, ESP
0004004C: E9 151A7C7C  JMP 7C801A66
00040051: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtectEx at 7C801A61 (0) got patched. Here is the diff:
Address   New-Original
7C801A61: E9 - 8B 
7C801A62: EB - FF 
7C801A63: E5 - 55 
7C801A64: 83 - 8B 
7C801A65: 83 - EC 
--> JMP DWORD PTR DS:[00040051]
Disassembly old code:
7C801A61: 8BFF         MOV EDI, EDI
7C801A63: 55           PUSH EBP
7C801A64: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A61: E9 EBE58383  JMP 00040051
Disassembly of hooker:
00040051: 68 25B8E9C4  PUSH C4E9B825
00040056: E8 63DF8C7C  CALL 7C90DFBE
0004005B: 58           POP EAX
0004005C: C2 1400      RET 0014
0004005F: C3           RET ; Pop IP
00040060: 1C00         SBB AL, 00
00040062: 68 25B8E9C4  PUSH C4E9B825
00040067: E8 52DF8C7C  CALL 7C90DFBE
0004006C: 58           POP EAX
0004006D: C2 1000      RET 0010
00040070: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of WinExec at 7C86250D (0) got patched. Here is the diff:
Address   New-Original
7C86250D: E9 - 8B 
7C86250E: A3 - FF 
7C86250F: DB - 55 
7C862510: 7D - 8B 
7C862511: 83 - EC 
--> JMP DWORD PTR DS:[000400B5]
Disassembly old code:
7C86250D: 8BFF         MOV EDI, EDI
7C86250F: 55           PUSH EBP
7C862510: 8BEC         MOV EBP, ESP

Disassembly new code:
7C86250D: E9 A3DB7D83  JMP 000400B5
Disassembly of hooker:
000400B5: 68 25B8E9C4  PUSH C4E9B825
000400BA: E8 FFDE8C7C  CALL 7C90DFBE
000400BF: 58           POP EAX
000400C0: C2 0800      RET 0008
000400C3: C3           RET ; Pop IP
000400C4: 2000         AND BYTE PTR DS:[EAX],AL
000400C6: 68 25B8E9C4  PUSH C4E9B825
000400CB: E8 EEDE8C7C  CALL 7C90DFBE
000400D0: 58           POP EAX
000400D1: C2 2800      RET 0028
000400D4: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll        (77DD0000 - 77E6B000)
  services.exe:CreateProcessAsUserW     --[HOOKED]--  @1000FDB0 by C:\Program Files\CA\PPRT\bin\CACheck.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\CA\PPRT\bin\CACheck.dll:
Base address:   10000000
Size:      00021000
Flags:      800C4004
Load count:   1
Name:      eTrust PestPatrol Realtime Protection
Prod. Version:   1.1.0.24
Company:   CA, Inc.
File Version:   1.1.0.24
Description:   API interceptors
Location:   C:\Program Files\CA\PPRT\bin\CACheck.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  USERENV.dll :CreateProcessAsUserW     --[HOOKED]--  @1000FDB0 by C:\Program Files\CA\PPRT\bin\CACheck.dll
  umpnpmgr.dll:CreateProcessAsUserW     --[HOOKED]--  @1000FDB0 by C:\Program Files\CA\PPRT\bin\CACheck.dll
The code of RegCreateKeyA at 77DFBCF3 (0) got patched. Here is the diff:
Address   New-Original
77DFBCF3: E9 - 8B 
77DFBCF4: 3E - FF 
77DFBCF5: 43 - 55 
77DFBCF6: EA - 8B 
77DFBCF7: 88 - EC 
--> JMP DWORD PTR DS:[00CA0036]
Disassembly old code:
77DFBCF3: 8BFF         MOV EDI, EDI
77DFBCF5: 55           PUSH EBP
77DFBCF6: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBCF3: E9 3E43EA88  JMP 00CA0036
Disassembly of hooker:
00CA0036: 68 25B8E9C4  PUSH C4E9B825
00CA003B: E8 7EDFC67B  CALL 7C90DFBE
00CA0040: 58           POP EAX
00CA0041: C2 0C00      RET 000C
00CA0044: C3           RET ; Pop IP
00CA0045: 1200         ADC AL,BYTE PTR DS:[EAX]
00CA0047: 68 25B8E9C4  PUSH C4E9B825
00CA004C: E8 6DDFC67B  CALL 7C90DFBE
00CA0051: 58           POP EAX
00CA0052: C2 2400      RET 0024
00CA0055: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExA at 77DDE9F4 (0) got patched. Here is the diff:
Address   New-Original
77DDE9F4: E9 - 8B 
77DDE9F5: 4E - FF 
77DDE9F6: 16 - 55 
77DDE9F7: EC - 8B 
77DDE9F8: 88 - EC 
--> JMP DWORD PTR DS:[00CA0047]
Disassembly old code:
77DDE9F4: 8BFF         MOV EDI, EDI
77DDE9F6: 55           PUSH EBP
77DDE9F7: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDE9F4: E9 4E16EC88  JMP 00CA0047
Disassembly of hooker:
00CA0047: 68 25B8E9C4  PUSH C4E9B825
00CA004C: E8 6DDFC67B  CALL 7C90DFBE
00CA0051: 58           POP EAX
00CA0052: C2 2400      RET 0024
00CA0055: C3           RET ; Pop IP
00CA0056: 1400         ADC AL, 00
00CA0058: 8BFF         MOV EDI, EDI
00CA005A: 55           PUSH EBP
00CA005B: 8BEC         MOV EBP, ESP
00CA005D: E9 0F771377  JMP 77DD7771
00CA0062: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExW at 77DD776C (0) got patched. Here is the diff:
Address   New-Original
77DD776C: E9 - 8B 
77DD776D: F1 - FF 
77DD776E: 88 - 55 
77DD776F: EC - 8B 
77DD7770: 88 - EC 
--> JMP DWORD PTR DS:[00CA0062]
Disassembly old code:
77DD776C: 8BFF         MOV EDI, EDI
77DD776E: 55           PUSH EBP
77DD776F: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD776C: E9 F188EC88  JMP 00CA0062
Disassembly of hooker:
00CA0062: 68 25B8E9C4  PUSH C4E9B825
00CA0067: E8 52DFC67B  CALL 7C90DFBE
00CA006C: 58           POP EAX
00CA006D: C2 2400      RET 0024
00CA0070: C3           RET ; Pop IP
00CA0071: 15 00000000  ADC EAX, 00000000
00CA0076: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0078: 0000         ADD BYTE PTR DS:[EAX],AL
00CA007A: 0000         ADD BYTE PTR DS:[EAX],AL
00CA007C: 0000         ADD BYTE PTR DS:[EAX],AL
00CA007E: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0080: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:31:48 PM
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyA at 77DDEFC8 (0) got patched. Here is the diff:
Address   New-Original
77DDEFC8: E9 - 8B 
77DDEFC9: 18 - FF 
77DDEFCA: 20 - 55 
77DDEFCB: EC - 8B 
77DDEFCC: 88 - EC 
--> JMP DWORD PTR DS:[00CA0FE5]
Disassembly old code:
77DDEFC8: 8BFF         MOV EDI, EDI
77DDEFCA: 55           PUSH EBP
77DDEFCB: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDEFC8: E9 1820EC88  JMP 00CA0FE5
Disassembly of hooker:
00CA0FE5: 68 25B8E9C4  PUSH C4E9B825
00CA0FEA: E8 CFCFC67B  CALL 7C90DFBE
00CA0FEF: 58           POP EAX
00CA0FF0: C2 0C00      RET 000C
00CA0FF3: C3           RET ; Pop IP
00CA0FF4: 0E           PUSH CS ; Push CS register to the stack
00CA0FF5: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0FF7: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0FF9: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0FFB: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0FFD: 0000         ADD BYTE PTR DS:[EAX],AL
00CA0FFF: 0000         ADD BYTE PTR DS:[EAX],AL
00CA1001: 0000         ADD BYTE PTR DS:[EAX],AL
00CA1003: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExA at 77DD7852 (0) got patched. Here is the diff:
Address   New-Original
77DD7852: E9 - 8B 
77DD7853: C4 - FF 
77DD7854: 87 - 55 
77DD7855: EC - 8B 
77DD7856: 88 - EC 
--> JMP DWORD PTR DS:[00CA001B]
Disassembly old code:
77DD7852: 8BFF         MOV EDI, EDI
77DD7854: 55           PUSH EBP
77DD7855: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7852: E9 C487EC88  JMP 00CA001B
Disassembly of hooker:
00CA001B: 68 25B8E9C4  PUSH C4E9B825
00CA0020: E8 99DFC67B  CALL 7C90DFBE
00CA0025: 58           POP EAX
00CA0026: C2 1400      RET 0014
00CA0029: C3           RET ; Pop IP
00CA002A: 1000         ADC BYTE PTR DS:[EAX],AL
00CA002C: 8BFF         MOV EDI, EDI
00CA002E: 55           PUSH EBP
00CA002F: 8BEC         MOV EBP, ESP
00CA0031: E9 7E6A1377  JMP 77DD6AB4
00CA0036: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExW at 77DD6AAF (0) got patched. Here is the diff:
Address   New-Original
77DD6AAF: E9 - 8B 
77DD6AB0: 16 - FF 
77DD6AB1: A5 - 55 
77DD6AB2: EC - 8B 
77DD6AB3: 88 - EC 
--> JMP DWORD PTR DS:[00CA0FCA]
Disassembly old code:
77DD6AAF: 8BFF         MOV EDI, EDI
77DD6AB1: 55           PUSH EBP
77DD6AB2: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD6AAF: E9 16A5EC88  JMP 00CA0FCA
Disassembly of hooker:
00CA0FCA: 68 25B8E9C4  PUSH C4E9B825
00CA0FCF: E8 EACFC67B  CALL 7C90DFBE
00CA0FD4: 58           POP EAX
00CA0FD5: C2 1400      RET 0014
00CA0FD8: C3           RET ; Pop IP
00CA0FD9: 1100         ADC DWORD PTR DS:[EAX],EAX
00CA0FDB: 8BFF         MOV EDI, EDI
00CA0FDD: 55           PUSH EBP
00CA0FDE: 8BEC         MOV EBP, ESP
00CA0FE0: E9 72681377  JMP 77DD7857
00CA0FE5: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyW at 77DD7946 (0) got patched. Here is the diff:
Address   New-Original
77DD7946: E9 - 8B 
77DD7947: B5 - FF 
77DD7948: 86 - 55 
77DD7949: EC - 8B 
77DD794A: 88 - EC 
--> JMP DWORD PTR DS:[00CA0000]
Disassembly old code:
77DD7946: 8BFF         MOV EDI, EDI
77DD7948: 55           PUSH EBP
77DD7949: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7946: E9 B586EC88  JMP 00CA0000
Disassembly of hooker:
00CA0000: 68 25B8E9C4  PUSH C4E9B825
00CA0005: E8 B4DFC67B  CALL 7C90DFBE
00CA000A: 58           POP EAX
00CA000B: C2 0C00      RET 000C
00CA000E: C3           RET ; Pop IP
00CA000F: 0F008B FF558BEC STR WORD PTR DS:[EBX+EC8B55FF]
00CA0016: E9 30791377  JMP 77DD794B
00CA001B: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
msvcrt.dll          (77C10000 - 77C68000)
The code of _creat at 77C2D40F (0) got patched. Here is the diff:
Address   New-Original
77C2D40F: E9 - 8B 
77C2D410: C3 - FF 
77C2D411: 3B - 55 
77C2D412: 44 - 8B 
77C2D413: 88 - EC 
--> JMP DWORD PTR DS:[00070FD7]
Disassembly old code:
77C2D40F: 8BFF         MOV EDI, EDI
77C2D411: 55           PUSH EBP
77C2D412: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2D40F: E9 C33B4488  JMP 00070FD7
Disassembly of hooker:
00070FD7: 68 25B8E9C4  PUSH C4E9B825
00070FDC: E8 DDCF897C  CALL 7C90DFBE
00070FE1: 58           POP EAX
00070FE2: C2 0000      RET 0000
00070FE5: C3           RET ; Pop IP
00070FE6: 0A00         OR AL,BYTE PTR DS:[EAX]
00070FE8: 6A14         PUSH 14
00070FEA: 68 6025C177  PUSH 77C12560
00070FEF: E9 68F0BB77  JMP 77C3005C
00070FF4: 6A14         PUSH 14
00070FF6: 68 00000000  PUSH 00000000
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _open at 77C2F566 (0) got patched. Here is the diff:
Address   New-Original
77C2F566: E9 - 6A 
77C2F567: 95 - 14 
77C2F568: 0A - 68 
--> JMP DWORD PTR DS:[00070000]
Disassembly old code:
77C2F566: 6A14         PUSH 14

Disassembly new code:
77C2F566: E9 950A4488  JMP 00070000
Disassembly of hooker:
00070000: 68 25B8E9C4  PUSH C4E9B825
00070005: E8 B4DF897C  CALL 7C90DFBE
0007000A: 58           POP EAX
0007000B: C2 0000      RET 0000
0007000E: C3           RET ; Pop IP
0007000F: 0800         OR BYTE PTR DS:[EAX],AL
00070011: 68 25B8E9C4  PUSH C4E9B825
00070016: E8 A3DF897C  CALL 7C90DFBE
0007001B: 58           POP EAX
0007001C: C2 0000      RET 0000
0007001F: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wcreat at 77C2FC9B (0) got patched. Here is the diff:
Address   New-Original
77C2FC9B: E9 - 8B 
77C2FC9C: 82 - FF 
77C2FC9D: 03 - 55 
77C2FC9E: 44 - 8B 
77C2FC9F: 88 - EC 
--> JMP DWORD PTR DS:[00070022]
Disassembly old code:
77C2FC9B: 8BFF         MOV EDI, EDI
77C2FC9D: 55           PUSH EBP
77C2FC9E: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2FC9B: E9 82034488  JMP 00070022
Disassembly of hooker:
00070022: 68 25B8E9C4  PUSH C4E9B825
00070027: E8 92DF897C  CALL 7C90DFBE
0007002C: 58           POP EAX
0007002D: C2 0000      RET 0000
00070030: C3           RET ; Pop IP
00070031: 0B00         OR EAX,DWORD PTR DS:[EAX]
00070033: 8BFF         MOV EDI, EDI
00070035: 55           PUSH EBP
00070036: 8BEC         MOV EBP, ESP
00070038: E9 8F93BB77  JMP 77C293CC
0007003D: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wopen at 77C30055 (0) got patched. Here is the diff:
Address   New-Original
77C30055: E9 - 6A 
77C30056: B7 - 14 
77C30057: FF - 68 
--> JMP DWORD PTR DS:[00070011]
Disassembly old code:
77C30055: 6A14         PUSH 14

Disassembly new code:
77C30055: E9 B7FF4388  JMP 00070011
Disassembly of hooker:
00070011: 68 25B8E9C4  PUSH C4E9B825
00070016: E8 A3DF897C  CALL 7C90DFBE
0007001B: 58           POP EAX
0007001C: C2 0000      RET 0000
0007001F: C3           RET ; Pop IP
00070020: 0900         OR DWORD PTR DS:[EAX],EAX
00070022: 68 25B8E9C4  PUSH C4E9B825
00070027: E8 92DF897C  CALL 7C90DFBE
0007002C: 58           POP EAX
0007002D: C2 0000      RET 0000
00070030: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wsystem at 77C2931E (0) got patched. Here is the diff:
Address   New-Original
77C2931E: E9 - 8B 
77C2931F: 2B - FF 
77C29320: 6D - 55 
77C29321: 44 - 8B 
77C29322: 88 - EC 
--> JMP DWORD PTR DS:[0007004E]
Disassembly old code:
77C2931E: 8BFF         MOV EDI, EDI
77C29320: 55           PUSH EBP
77C29321: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2931E: E9 2B6D4488  JMP 0007004E
Disassembly of hooker:
0007004E: 68 25B8E9C4  PUSH C4E9B825
00070053: E8 66DF897C  CALL 7C90DFBE
00070058: 58           POP EAX
00070059: C2 0000      RET 0000
0007005C: C3           RET ; Pop IP
0007005D: 0D 00000000  OR EAX, 00000000
00070062: 0000         ADD BYTE PTR DS:[EAX],AL
00070064: 0000         ADD BYTE PTR DS:[EAX],AL
00070066: 0000         ADD BYTE PTR DS:[EAX],AL
00070068: 0000         ADD BYTE PTR DS:[EAX],AL
0007006A: 0000         ADD BYTE PTR DS:[EAX],AL
0007006C: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of system at 77C293C7 (0) got patched. Here is the diff:
Address   New-Original
77C293C7: E9 - 8B 
77C293C8: 71 - FF 
77C293C9: 6C - 55 
77C293CA: 44 - 8B 
77C293CB: 88 - EC 
--> JMP DWORD PTR DS:[0007003D]
Disassembly old code:
77C293C7: 8BFF         MOV EDI, EDI
77C293C9: 55           PUSH EBP
77C293CA: 8BEC         MOV EBP, ESP

Disassembly new code:
77C293C7: E9 716C4488  JMP 0007003D
Disassembly of hooker:
0007003D: 68 25B8E9C4  PUSH C4E9B825
00070042: E8 77DF897C  CALL 7C90DFBE
00070047: 58           POP EAX
00070048: C2 0000      RET 0000
0007004B: C3           RET ; Pop IP
0007004C: 0C00         OR AL, 00
0007004E: 68 25B8E9C4  PUSH C4E9B825
00070053: E8 66DF897C  CALL 7C90DFBE
00070058: 58           POP EAX
00070059: C2 0000      RET 0000
0007005C: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NCObjAPI.DLL        (5F770000 - 5F77C000)
MSVCP60.dll         (76080000 - 760E5000)
SCESRV.dll          (7DBD0000 - 7DC21000)
AUTHZ.dll           (776C0000 - 776D2000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
USERENV.dll         (769C0000 - 76A74000)
umpnpmgr.dll        (7DBA0000 - 7DBC1000)
WINSTA.dll          (76360000 - 76370000)
NETAPI32.dll        (5B860000 - 5B8B5000)
ShimEng.dll         (5CB70000 - 5CB96000)
AcAdProc.dll        (47260000 - 4726F000)
IMM32.DLL           (76390000 - 763AD000)
eventlog.dll        (77B70000 - 77B81000)
PSAPI.DLL           (76BF0000 - 76BFB000)
WS2_32.dll          (71AB0000 - 71AC7000)
The code of socket at 71AB4211 (0) got patched. Here is the diff:
Address   New-Original
71AB4211: E9 - 8B 
71AB4212: EA - FF 
71AB4213: BD - 55 
71AB4214: 5A - 8B 
71AB4215: 8E - EC 
--> JMP DWORD PTR DS:[00060000]
Disassembly old code:
71AB4211: 8BFF         MOV EDI, EDI
71AB4213: 55           PUSH EBP
71AB4214: 8BEC         MOV EBP, ESP

Disassembly new code:
71AB4211: E9 EABD5A8E  JMP 00060000
Disassembly of hooker:
00060000: 68 25B8E9C4  PUSH C4E9B825
00060005: E8 B4DF8A7C  CALL 7C90DFBE
0006000A: 58           POP EAX
0006000B: C2 0C00      RET 000C
0006000E: C3           RET ; Pop IP
0006000F: 07           POP ES ; Pop top stack to ES
00060010: 0000         ADD BYTE PTR DS:[EAX],AL
00060012: 0000         ADD BYTE PTR DS:[EAX],AL
00060014: 0000         ADD BYTE PTR DS:[EAX],AL
00060016: 0000         ADD BYTE PTR DS:[EAX],AL
00060018: 0000         ADD BYTE PTR DS:[EAX],AL
0006001A: 0000         ADD BYTE PTR DS:[EAX],AL
0006001C: 0000         ADD BYTE PTR DS:[EAX],AL
0006001E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
WS2HELP.dll         (71AA0000 - 71AA8000)
wtsapi32.dll        (76F50000 - 76F58000)
Apphelp.dll         (77B40000 - 77B62000)
CACheck.dll         (10000000 - 10021000)
CAHook.dll          (00D10000 - 00D3B000)
CAServer.dll        (00DA0000 - 00DC6000)
MSVCP71.dll         (7C3A0000 - 7C41B000)
MSVCR71.dll         (7C340000 - 7C396000)

PID 1164  - C:\WINDOWS\system32\lsass.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
The code of NtCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 3C - 25 
7C90D0B0: 3F - 00 
7C90D0B1: 3E - 00 
7C90D0B2: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FEF]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 3C3F3E84  JMP 00CF0FEF
Disassembly of hooker:
00CF0FEF: 68 25B8E9C4  PUSH C4E9B825
00CF0FF4: E8 C5CFC17B  CALL 7C90DFBE
00CF0FF9: 58           POP EAX
00CF0FFA: C2 2C00      RET 002C
00CF0FFD: C3           RET ; Pop IP
00CF0FFE: 05 00000000  ADD EAX, 00000000
00CF1003: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1005: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1007: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1009: 0000         ADD BYTE PTR DS:[EAX],AL
00CF100B: 0000         ADD BYTE PTR DS:[EAX],AL
00CF100D: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: 5C - 2F 
7C90D150: 3E - 00 
7C90D151: 3E - 00 
7C90D152: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FAF]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 5C3E3E84  JMP 00CF0FAF
Disassembly of hooker:
00CF0FAF: 68 25B8E9C4  PUSH C4E9B825
00CF0FB4: E8 05D0C17B  CALL 7C90DFBE
00CF0FB9: 58           POP EAX
00CF0FBA: C2 2000      RET 0020
00CF0FBD: C3           RET ; Pop IP
00CF0FBE: 07           POP ES ; Pop top stack to ES
00CF0FBF: 00B8 2F000000 ADD BYTE PTR DS:[EAX+0000002F],BH
00CF0FC5: E9 89C1C17B  JMP 7C90D153
00CF0FCA: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: D7 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: 3E - 00 
7C90D6F2: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FCA]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:32:30 PM

Disassembly new code:
7C90D6EE: E9 D7383E84  JMP 00CF0FCA
Disassembly of hooker:
00CF0FCA: 68 25B8E9C4  PUSH C4E9B825
00CF0FCF: E8 EACFC17B  CALL 7C90DFBE
00CF0FD4: 58           POP EAX
00CF0FD5: C2 1400      RET 0014
00CF0FD8: C3           RET ; Pop IP
00CF0FD9: 06           PUSH ES ; Push ES register to the stack
00CF0FDA: 00B8 89000000 ADD BYTE PTR DS:[EAX+00000089],BH
00CF0FE0: E9 0EC7C17B  JMP 7C90D6F3
00CF0FE5: B8 25000000  MOV EAX, 00000025
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 3C - 25 
7C90D0B0: 3F - 00 
7C90D0B1: 3E - 00 
7C90D0B2: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FEF]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 3C3F3E84  JMP 00CF0FEF
Disassembly of hooker:
00CF0FEF: 68 25B8E9C4  PUSH C4E9B825
00CF0FF4: E8 C5CFC17B  CALL 7C90DFBE
00CF0FF9: 58           POP EAX
00CF0FFA: C2 2C00      RET 002C
00CF0FFD: C3           RET ; Pop IP
00CF0FFE: 05 00000000  ADD EAX, 00000000
00CF1003: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1005: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1007: 0000         ADD BYTE PTR DS:[EAX],AL
00CF1009: 0000         ADD BYTE PTR DS:[EAX],AL
00CF100B: 0000         ADD BYTE PTR DS:[EAX],AL
00CF100D: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: 5C - 2F 
7C90D150: 3E - 00 
7C90D151: 3E - 00 
7C90D152: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FAF]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 5C3E3E84  JMP 00CF0FAF
Disassembly of hooker:
00CF0FAF: 68 25B8E9C4  PUSH C4E9B825
00CF0FB4: E8 05D0C17B  CALL 7C90DFBE
00CF0FB9: 58           POP EAX
00CF0FBA: C2 2000      RET 0020
00CF0FBD: C3           RET ; Pop IP
00CF0FBE: 07           POP ES ; Pop top stack to ES
00CF0FBF: 00B8 2F000000 ADD BYTE PTR DS:[EAX+0000002F],BH
00CF0FC5: E9 89C1C17B  JMP 7C90D153
00CF0FCA: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: D7 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: 3E - 00 
7C90D6F2: 84 - 00 
--> JMP DWORD PTR DS:[00CF0FCA]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089

Disassembly new code:
7C90D6EE: E9 D7383E84  JMP 00CF0FCA
Disassembly of hooker:
00CF0FCA: 68 25B8E9C4  PUSH C4E9B825
00CF0FCF: E8 EACFC17B  CALL 7C90DFBE
00CF0FD4: 58           POP EAX
00CF0FD5: C2 1400      RET 0014
00CF0FD8: C3           RET ; Pop IP
00CF0FD9: 06           PUSH ES ; Push ES register to the stack
00CF0FDA: 00B8 89000000 ADD BYTE PTR DS:[EAX+00000089],BH
00CF0FE0: E9 0EC7C17B  JMP 7C90D6F3
00CF0FE5: B8 25000000  MOV EAX, 00000025
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
kernel32.dll        (7C800000 - 7C8F6000)
The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff:
Address   New-Original
7C801A28: E9 - 8B 
7C801A29: D3 - FF 
7C801A2A: E5 - 55 
7C801A2B: 3D - 8B 
7C801A2C: 84 - EC 
--> JMP DWORD PTR DS:[00BE0000]
Disassembly old code:
7C801A28: 8BFF         MOV EDI, EDI
7C801A2A: 55           PUSH EBP
7C801A2B: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A28: E9 D3E53D84  JMP 00BE0000
Disassembly of hooker:
00BE0000: 68 25B8E9C4  PUSH C4E9B825
00BE0005: E8 B4DFD27B  CALL 7C90DFBE
00BE000A: 58           POP EAX
00BE000B: C2 1C00      RET 001C
00BE000E: C3           RET ; Pop IP
00BE000F: 0100         ADD DWORD PTR DS:[EAX],EAX
00BE0011: 8BFF         MOV EDI, EDI
00BE0013: 55           PUSH EBP
00BE0014: 8BEC         MOV EBP, ESP
00BE0016: E9 121AC27B  JMP 7C801A2D
00BE001B: 8BFF         MOV EDI, EDI
00BE001D: 55           PUSH EBP
00BE001E: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateFileW at 7C810800 (0) got patched. Here is the diff:
Address   New-Original
7C810800: E9 - 8B 
7C810801: EA - FF 
7C810802: 07 - 55 
7C810803: 3D - 8B 
7C810804: 84 - EC 
--> JMP DWORD PTR DS:[00BE0FEF]
Disassembly old code:
7C810800: 8BFF         MOV EDI, EDI
7C810802: 55           PUSH EBP
7C810803: 8BEC         MOV EBP, ESP

Disassembly new code:
7C810800: E9 EA073D84  JMP 00BE0FEF
Disassembly of hooker:
00BE0FEF: 68 25B8E9C4  PUSH C4E9B825
00BE0FF4: E8 C5CFD27B  CALL 7C90DFBE
00BE0FF9: 58           POP EAX
00BE0FFA: C2 1C00      RET 001C
00BE0FFD: C3           RET ; Pop IP
00BE0FFE: 0200         ADD AL,BYTE PTR DS:[EAX]
00BE1000: 0000         ADD BYTE PTR DS:[EAX],AL
00BE1002: 0000         ADD BYTE PTR DS:[EAX],AL
00BE1004: 0000         ADD BYTE PTR DS:[EAX],AL
00BE1006: 0000         ADD BYTE PTR DS:[EAX],AL
00BE1008: 0000         ADD BYTE PTR DS:[EAX],AL
00BE100A: 0000         ADD BYTE PTR DS:[EAX],AL
00BE100C: 0000         ADD BYTE PTR DS:[EAX],AL
00BE100E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeA at 7C860CDC (0) got patched. Here is the diff:
Address   New-Original
7C860CDC: E9 - 8B 
7C860CDD: 44 - FF 
7C860CDE: F3 - 55 
7C860CDF: 37 - 8B 
7C860CE0: 84 - EC 
--> JMP DWORD PTR DS:[00BE0025]
Disassembly old code:
7C860CDC: 8BFF         MOV EDI, EDI
7C860CDE: 55           PUSH EBP
7C860CDF: 8BEC         MOV EBP, ESP

Disassembly new code:
7C860CDC: E9 44F33784  JMP 00BE0025
Disassembly of hooker:
00BE0025: 68 25B8E9C4  PUSH C4E9B825
00BE002A: E8 8FDFD27B  CALL 7C90DFBE
00BE002F: 58           POP EAX
00BE0030: C2 2000      RET 0020
00BE0033: C3           RET ; Pop IP
00BE0034: 0300         ADD EAX,DWORD PTR DS:[EAX]
00BE0036: 68 25B8E9C4  PUSH C4E9B825
00BE003B: E8 7EDFD27B  CALL 7C90DFBE
00BE0040: 58           POP EAX
00BE0041: C2 2000      RET 0020
00BE0044: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeW at 7C82F0DD (0) got patched. Here is the diff:
Address   New-Original
7C82F0DD: E9 - 8B 
7C82F0DE: 54 - FF 
7C82F0DF: 0F - 55 
7C82F0E0: 3B - 8B 
7C82F0E1: 84 - EC 
--> JMP DWORD PTR DS:[00BE0036]
Disassembly old code:
7C82F0DD: 8BFF         MOV EDI, EDI
7C82F0DF: 55           PUSH EBP
7C82F0E0: 8BEC         MOV EBP, ESP

Disassembly new code:
7C82F0DD: E9 540F3B84  JMP 00BE0036
Disassembly of hooker:
00BE0036: 68 25B8E9C4  PUSH C4E9B825
00BE003B: E8 7EDFD27B  CALL 7C90DFBE
00BE0040: 58           POP EAX
00BE0041: C2 2000      RET 0020
00BE0044: C3           RET ; Pop IP
00BE0045: 0400         ADD AL, 00
00BE0047: 8BFF         MOV EDI, EDI
00BE0049: 55           PUSH EBP
00BE004A: 8BEC         MOV EBP, ESP
00BE004C: E9 91F0C47B  JMP 7C82F0E2
00BE0051: 8BFF         MOV EDI, EDI
00BE0053: 55           PUSH EBP
00BE0054: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreatePipe at 7C81D83F (0) got patched. Here is the diff:
Address   New-Original
7C81D83F: E9 - 8B 
7C81D840: 1B - FF 
7C81D841: 37 - 55 
7C81D842: 3C - 8B 
7C81D843: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F5F]
Disassembly old code:
7C81D83F: 8BFF         MOV EDI, EDI
7C81D841: 55           PUSH EBP
7C81D842: 8BEC         MOV EBP, ESP

Disassembly new code:
7C81D83F: E9 1B373C84  JMP 00BE0F5F
Disassembly of hooker:
00BE0F5F: 68 25B8E9C4  PUSH C4E9B825
00BE0F64: E8 55D0D27B  CALL 7C90DFBE
00BE0F69: 58           POP EAX
00BE0F6A: C2 1000      RET 0010
00BE0F6D: C3           RET ; Pop IP
00BE0F6E: 1D 006825B8  SBB EAX, B8256800
00BE0F73: E9 C4E844D0  JMP D102F83C
00BE0F78: D27B58       SAR BYTE PTR DS:[EBX+58H],CL
00BE0F7B: C2 1400      RET 0014
00BE0F7E: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address   New-Original
7C80236B: E9 - 8B 
7C80236C: B9 - FF 
7C80236D: EB - 55 
7C80236E: 3D - 8B 
7C80236F: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F29]
Disassembly old code:
7C80236B: 8BFF         MOV EDI, EDI
7C80236D: 55           PUSH EBP
7C80236E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80236B: E9 B9EB3D84  JMP 00BE0F29
Disassembly of hooker:
00BE0F29: 68 25B8E9C4  PUSH C4E9B825
00BE0F2E: E8 8BD0D27B  CALL 7C90DFBE
00BE0F33: 58           POP EAX
00BE0F34: C2 2800      RET 0028
00BE0F37: C3           RET ; Pop IP
00BE0F38: 2100         AND DWORD PTR DS:[EAX],EAX
00BE0F3A: 68 25B8E9C4  PUSH C4E9B825
00BE0F3F: E8 7AD0D27B  CALL 7C90DFBE
00BE0F44: 58           POP EAX
00BE0F45: C2 0400      RET 0004
00BE0F48: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address   New-Original
7C802336: E9 - 8B 
7C802337: 7D - FF 
7C802338: DD - 55 
7C802339: 3D - 8B 
7C80233A: 84 - EC 
--> JMP DWORD PTR DS:[00BE00B8]
Disassembly old code:
7C802336: 8BFF         MOV EDI, EDI
7C802338: 55           PUSH EBP
7C802339: 8BEC         MOV EBP, ESP

Disassembly new code:
7C802336: E9 7DDD3D84  JMP 00BE00B8
Disassembly of hooker:
00BE00B8: 68 25B8E9C4  PUSH C4E9B825
00BE00BD: E8 FCDED27B  CALL 7C90DFBE
00BE00C2: 58           POP EAX
00BE00C3: C2 2800      RET 0028
00BE00C6: C3           RET ; Pop IP
00BE00C7: 2200         AND AL,BYTE PTR DS:[EAX]
00BE00C9: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00CB: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00CD: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00CF: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00D1: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00D3: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00D5: 0000         ADD BYTE PTR DS:[EAX],AL
00BE00D7: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff:
Address   New-Original
7C80AE40: E9 - 8B 
7C80AE41: BF - FF 
7C80AE42: 60 - 55 
7C80AE43: 3D - 8B 
7C80AE44: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F04]
Disassembly old code:
7C80AE40: 8BFF         MOV EDI, EDI
7C80AE42: 55           PUSH EBP
7C80AE43: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AE40: E9 BF603D84  JMP 00BE0F04
Disassembly of hooker:
00BE0F04: 68 25B8E9C4  PUSH C4E9B825
00BE0F09: E8 B0D0D27B  CALL 7C90DFBE
00BE0F0E: 58           POP EAX
00BE0F0F: C2 0800      RET 0008
00BE0F12: C3           RET ; Pop IP
00BE0F13: 2300         AND EAX,DWORD PTR DS:[EAX]
00BE0F15: 8BFF         MOV EDI, EDI
00BE0F17: 55           PUSH EBP
00BE0F18: 8BEC         MOV EBP, ESP
00BE0F1A: E9 1C14C27B  JMP 7C80233B
00BE0F1F: 8BFF         MOV EDI, EDI
00BE0F21: 55           PUSH EBP
00BE0F22: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoA at 7C801EF2 (0) got patched. Here is the diff:
Address   New-Original
7C801EF2: E9 - 6A 
7C801EF3: 95 - 18 
7C801EF4: E1 - 68 
--> JMP DWORD PTR DS:[00BE008C]
Disassembly old code:
7C801EF2: 6A18         PUSH 18

Disassembly new code:
7C801EF2: E9 95E13D84  JMP 00BE008C
Disassembly of hooker:
00BE008C: 68 25B8E9C4  PUSH C4E9B825
00BE0091: E8 28DFD27B  CALL 7C90DFBE
00BE0096: 58           POP EAX
00BE0097: C2 0400      RET 0004
00BE009A: C3           RET ; Pop IP
00BE009B: 1E           PUSH DS ; Push DS register to the stack
00BE009C: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
00BE00A2: E9 6B24C87B  JMP 7C862512
00BE00A7: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoW at 7C801E54 (0) got patched. Here is the diff:
Address   New-Original
7C801E54: E9 - 8B 
7C801E55: E1 - FF 
7C801E56: F0 - 55 
7C801E57: 3D - 8B 
7C801E58: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F3A]
Disassembly old code:
7C801E54: 8BFF         MOV EDI, EDI
7C801E56: 55           PUSH EBP
7C801E57: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801E54: E9 E1F03D84  JMP 00BE0F3A
Disassembly of hooker:
00BE0F3A: 68 25B8E9C4  PUSH C4E9B825
00BE0F3F: E8 7AD0D27B  CALL 7C90DFBE
00BE0F44: 58           POP EAX
00BE0F45: C2 0400      RET 0004
00BE0F48: C3           RET ; Pop IP
00BE0F49: 1F           POP DS ; Pop top stack to DS
00BE0F4A: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
00BE0F50: E9 040FC27B  JMP 7C801E59
00BE0F55: 8BFF         MOV EDI, EDI
00BE0F57: 55           PUSH EBP
00BE0F58: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff:
Address   New-Original
7C801D7B: E9 - 8B 
7C801D7C: DB - FF 
7C801D7D: E2 - 55 
7C801D7E: 3D - 8B 
7C801D7F: 84 - EC 
--> JMP DWORD PTR DS:[00BE005B]
Disassembly old code:
7C801D7B: 8BFF         MOV EDI, EDI
7C801D7D: 55           PUSH EBP
7C801D7E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D7B: E9 DBE23D84  JMP 00BE005B
Disassembly of hooker:
00BE005B: 68 25B8E9C4  PUSH C4E9B825
00BE0060: E8 59DFD27B  CALL 7C90DFBE
00BE0065: 58           POP EAX
00BE0066: C2 0400      RET 0004
00BE0069: C3           RET ; Pop IP
00BE006A: 17           POP SS ; Pop top stack to SS
00BE006B: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
00BE0071: E9 7AAEC27B  JMP 7C80AEF0
00BE0076: 8BFF         MOV EDI, EDI
00BE0078: 55           PUSH EBP
00BE0079: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:33:12 PM

The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff:
Address   New-Original
7C801D53: E9 - 8B 
7C801D54: 61 - FF 
7C801D55: F2 - 55 
7C801D56: 3D - 8B 
7C801D57: 84 - EC 
--> JMP DWORD PTR DS:[00BE0FB9]
Disassembly old code:
7C801D53: 8BFF         MOV EDI, EDI
7C801D55: 55           PUSH EBP
7C801D56: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D53: E9 61F23D84  JMP 00BE0FB9
Disassembly of hooker:
00BE0FB9: 68 25B8E9C4  PUSH C4E9B825
00BE0FBE: E8 FBCFD27B  CALL 7C90DFBE
00BE0FC3: 58           POP EAX
00BE0FC4: C2 0C00      RET 000C
00BE0FC7: C3           RET ; Pop IP
00BE0FC8: 1900         SBB DWORD PTR DS:[EAX],EAX
00BE0FCA: 8BFF         MOV EDI, EDI
00BE0FCC: 55           PUSH EBP
00BE0FCD: 8BEC         MOV EBP, ESP
00BE0FCF: E9 840DC27B  JMP 7C801D58
00BE0FD4: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff:
Address   New-Original
7C801AF5: E9 - 6A 
7C801AF6: AE - 34 
7C801AF7: F4 - 68 
--> JMP DWORD PTR DS:[00BE0FA8]
Disassembly old code:
7C801AF5: 6A34         PUSH 34

Disassembly new code:
7C801AF5: E9 AEF43D84  JMP 00BE0FA8
Disassembly of hooker:
00BE0FA8: 68 25B8E9C4  PUSH C4E9B825
00BE0FAD: E8 0CD0D27B  CALL 7C90DFBE
00BE0FB2: 58           POP EAX
00BE0FB3: C2 0C00      RET 000C
00BE0FB6: C3           RET ; Pop IP
00BE0FB7: 1A00         SBB AL,BYTE PTR DS:[EAX]
00BE0FB9: 68 25B8E9C4  PUSH C4E9B825
00BE0FBE: E8 FBCFD27B  CALL 7C90DFBE
00BE0FC3: 58           POP EAX
00BE0FC4: C2 0C00      RET 000C
00BE0FC7: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff:
Address   New-Original
7C80AEEB: E9 - 8B 
7C80AEEC: E4 - FF 
7C80AEED: 60 - 55 
7C80AEEE: 3D - 8B 
7C80AEEF: 84 - EC 
--> JMP DWORD PTR DS:[00BE0FD4]
Disassembly old code:
7C80AEEB: 8BFF         MOV EDI, EDI
7C80AEED: 55           PUSH EBP
7C80AEEE: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AEEB: E9 E4603D84  JMP 00BE0FD4
Disassembly of hooker:
00BE0FD4: 68 25B8E9C4  PUSH C4E9B825
00BE0FD9: E8 E0CFD27B  CALL 7C90DFBE
00BE0FDE: 58           POP EAX
00BE0FDF: C2 0400      RET 0004
00BE0FE2: C3           RET ; Pop IP
00BE0FE3: 1800         SBB BYTE PTR DS:[EAX],AL
00BE0FE5: 8BFF         MOV EDI, EDI
00BE0FE7: 55           PUSH EBP
00BE0FE8: 8BEC         MOV EBP, ESP
00BE0FEA: E9 16F8C27B  JMP 7C810805
00BE0FEF: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff:
Address   New-Original
7C801AD4: E9 - 8B 
7C801AD5: B2 - FF 
7C801AD6: F4 - 55 
7C801AD7: 3D - 8B 
7C801AD8: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F8B]
Disassembly old code:
7C801AD4: 8BFF         MOV EDI, EDI
7C801AD6: 55           PUSH EBP
7C801AD7: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801AD4: E9 B2F43D84  JMP 00BE0F8B
Disassembly of hooker:
00BE0F8B: 68 25B8E9C4  PUSH C4E9B825
00BE0F90: E8 29D0D27B  CALL 7C90DFBE
00BE0F95: 58           POP EAX
00BE0F96: C2 1000      RET 0010
00BE0F99: C3           RET ; Pop IP
00BE0F9A: 1B00         SBB EAX,DWORD PTR DS:[EAX]
00BE0F9C: 6A34         PUSH 34
00BE0F9E: 68 F8E0807C  PUSH 7C80E0F8
00BE0FA3: E9 540BC27B  JMP 7C801AFC
00BE0FA8: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtectEx at 7C801A61 (0) got patched. Here is the diff:
Address   New-Original
7C801A61: E9 - 8B 
7C801A62: 0A - FF 
7C801A63: F5 - 55 
7C801A64: 3D - 8B 
7C801A65: 84 - EC 
--> JMP DWORD PTR DS:[00BE0F70]
Disassembly old code:
7C801A61: 8BFF         MOV EDI, EDI
7C801A63: 55           PUSH EBP
7C801A64: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A61: E9 0AF53D84  JMP 00BE0F70
Disassembly of hooker:
00BE0F70: 68 25B8E9C4  PUSH C4E9B825
00BE0F75: E8 44D0D27B  CALL 7C90DFBE
00BE0F7A: 58           POP EAX
00BE0F7B: C2 1400      RET 0014
00BE0F7E: C3           RET ; Pop IP
00BE0F7F: 1C00         SBB AL, 00
00BE0F81: 8BFF         MOV EDI, EDI
00BE0F83: 55           PUSH EBP
00BE0F84: 8BEC         MOV EBP, ESP
00BE0F86: E9 4E0BC27B  JMP 7C801AD9
00BE0F8B: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of WinExec at 7C86250D (0) got patched. Here is the diff:
Address   New-Original
7C86250D: E9 - 8B 
7C86250E: 95 - FF 
7C86250F: DB - 55 
7C862510: 37 - 8B 
7C862511: 84 - EC 
--> JMP DWORD PTR DS:[00BE00A7]
Disassembly old code:
7C86250D: 8BFF         MOV EDI, EDI
7C86250F: 55           PUSH EBP
7C862510: 8BEC         MOV EBP, ESP

Disassembly new code:
7C86250D: E9 95DB3784  JMP 00BE00A7
Disassembly of hooker:
00BE00A7: 68 25B8E9C4  PUSH C4E9B825
00BE00AC: E8 0DDFD27B  CALL 7C90DFBE
00BE00B1: 58           POP EAX
00BE00B2: C2 0800      RET 0008
00BE00B5: C3           RET ; Pop IP
00BE00B6: 2000         AND BYTE PTR DS:[EAX],AL
00BE00B8: 68 25B8E9C4  PUSH C4E9B825
00BE00BD: E8 FCDED27B  CALL 7C90DFBE
00BE00C2: 58           POP EAX
00BE00C3: C2 2800      RET 0028
00BE00C6: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll        (77DD0000 - 77E6B000)
The code of RegCreateKeyA at 77DFBCF3 (0) got patched. Here is the diff:
Address   New-Original
77DFBCF3: E9 - 8B 
77DFBCF4: AD - FF 
77DFBCF5: 52 - 55 
77DFBCF6: F2 - 8B 
77DFBCF7: 88 - EC 
--> JMP DWORD PTR DS:[00D20FA5]
Disassembly old code:
77DFBCF3: 8BFF         MOV EDI, EDI
77DFBCF5: 55           PUSH EBP
77DFBCF6: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBCF3: E9 AD52F288  JMP 00D20FA5
Disassembly of hooker:
00D20FA5: 68 25B8E9C4  PUSH C4E9B825
00D20FAA: E8 0FD0BE7B  CALL 7C90DFBE
00D20FAF: 58           POP EAX
00D20FB0: C2 0C00      RET 000C
00D20FB3: C3           RET ; Pop IP
00D20FB4: 1300         ADC EAX,DWORD PTR DS:[EAX]
00D20FB6: 8BFF         MOV EDI, EDI
00D20FB8: 55           PUSH EBP
00D20FB9: 8BEC         MOV EBP, ESP
00D20FBB: E9 F45A0B77  JMP 77DD6AB4
00D20FC0: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExA at 77DDE9F4 (0) got patched. Here is the diff:
Address   New-Original
77DDE9F4: E9 - 8B 
77DDE9F5: 3D - FF 
77DDE9F6: 16 - 55 
77DDE9F7: F4 - 8B 
77DDE9F8: 88 - EC 
--> JMP DWORD PTR DS:[00D20036]
Disassembly old code:
77DDE9F4: 8BFF         MOV EDI, EDI
77DDE9F6: 55           PUSH EBP
77DDE9F7: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDE9F4: E9 3D16F488  JMP 00D20036
Disassembly of hooker:
00D20036: 68 25B8E9C4  PUSH C4E9B825
00D2003B: E8 7EDFBE7B  CALL 7C90DFBE
00D20040: 58           POP EAX
00D20041: C2 2400      RET 0024
00D20044: C3           RET ; Pop IP
00D20045: 15 008BFF55  ADC EAX, 55FF8B00
00D2004A: 8BEC         MOV EBP, ESP
00D2004C: E9 A8E90B77  JMP 77DDE9F9
00D20051: 8BFF         MOV EDI, EDI
00D20053: 55           PUSH EBP
00D20054: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExW at 77DD776C (0) got patched. Here is the diff:
Address   New-Original
77DD776C: E9 - 8B 
77DD776D: 12 - FF 
77DD776E: 98 - 55 
77DD776F: F4 - 8B 
77DD7770: 88 - EC 
--> JMP DWORD PTR DS:[00D20F83]
Disassembly old code:
77DD776C: 8BFF         MOV EDI, EDI
77DD776E: 55           PUSH EBP
77DD776F: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD776C: E9 1298F488  JMP 00D20F83
Disassembly of hooker:
00D20F83: 68 25B8E9C4  PUSH C4E9B825
00D20F88: E8 31D0BE7B  CALL 7C90DFBE
00D20F8D: 58           POP EAX
00D20F8E: C2 2400      RET 0024
00D20F91: C3           RET ; Pop IP
00D20F92: 16           PUSH SS ; Push SS register to the stack
00D20F93: 006825       ADD BYTE PTR DS:[EAX+25H],CH
00D20F96: B8 E9C4E820  MOV EAX, 20E8C4E9
00D20F9B: D0BE 7B58C20C SAR BYTE PTR DS:[ESI+0CC2587B],1
00D20FA1: 00C3         ADD BL, AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyW at 77DFBA55 (0) got patched. Here is the diff:
Address   New-Original
77DFBA55: E9 - 8B 
77DFBA56: 3A - FF 
77DFBA58: F2 - 8B 
77DFBA59: 88 - EC 
--> JMP DWORD PTR DS:[00D20F94]
Disassembly old code:
77DFBA55: 8BFF         MOV EDI, EDI
77DFBA57: 55           PUSH EBP
77DFBA58: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBA55: E9 3A55F288  JMP 00D20F94
Disassembly of hooker:
00D20F94: 68 25B8E9C4  PUSH C4E9B825
00D20F99: E8 20D0BE7B  CALL 7C90DFBE
00D20F9E: 58           POP EAX
00D20F9F: C2 0C00      RET 000C
00D20FA2: C3           RET ; Pop IP
00D20FA3: 1400         ADC AL, 00
00D20FA5: 68 25B8E9C4  PUSH C4E9B825
00D20FAA: E8 0FD0BE7B  CALL 7C90DFBE
00D20FAF: 58           POP EAX
00D20FB0: C2 0C00      RET 000C
00D20FB3: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:33:58 PM

Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:34:49 PM

  VERSION.dll :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  SHELL32.dll :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  SHELL32.dll :LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  SHELL32.dll :LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  SHELL32.dll :LoadLibraryExW           --[HOOKED]--  @6BFA9DE1 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  SHELL32.dll :LoadLibraryExA           --[HOOKED]--  @6BFA9D54 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  ole32.dll   :LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  ole32.dll   :LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  ole32.dll   :LoadLibraryExW           --[HOOKED]--  @6BFA9DE1 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  ole32.dll   :LoadLibraryExA           --[HOOKED]--  @6BFA9D54 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  ole32.dll   :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  OLEAUT32.dll:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  OLEAUT32.dll:LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  OLEAUT32.dll:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  IMM32.DLL   :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  IMM32.DLL   :LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  comctl32.dll:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  msctfime.ime:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  msctfime.ime:LoadLibraryExA           --[HOOKED]--  @6BFA9D54 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  msctfime.ime:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  msctfime.ime:LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  psapi.dll   :LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  psapi.dll   :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  wtsapi32.dll:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  wtsapi32.dll:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  WINSTA.dll  :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  NETAPI32.dll:LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  NETAPI32.dll:SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  NETAPI32.dll:LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  userenv.dll :LoadLibraryW             --[HOOKED]--  @6BFA9CCD by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  userenv.dll :LoadLibraryExA           --[HOOKED]--  @6BFA9D54 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  userenv.dll :LoadLibraryA             --[HOOKED]--  @6BFA9C46 by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
  userenv.dll :SetUnhandledExceptionFilter--[HOOKED]--  @6BFA9E6E by C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
AOLacsd.dll         (10000000 - 10142000)
WINMM.dll           (76B40000 - 76B6D000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
GDI32.dll           (77F10000 - 77F59000)
USER32.dll          (7E410000 - 7E4A1000)
TAPI32.dll          (76EB0000 - 76EDF000)
msvcrt.dll          (77C10000 - 77C68000)
rtutils.dll         (76E80000 - 76E8E000)
SHLWAPI.dll         (77F60000 - 77FD6000)
WS2_32.dll          (71AB0000 - 71AC7000)
WS2HELP.dll         (71AA0000 - 71AA8000)
SETUPAPI.dll        (77920000 - 77A13000)
VERSION.dll         (77C00000 - 77C08000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
ole32.dll           (774E0000 - 7761D000)
OLEAUT32.dll        (77120000 - 771AB000)
xpat.dll            (00350000 - 0036E000)
IMM32.DLL           (76390000 - 763AD000)
comctl32.dll        (773D0000 - 774D3000)
comctl32.dll        (5D090000 - 5D12A000)
msctfime.ime        (755C0000 - 755EE000)
psapi.dll           (76BF0000 - 76BFB000)
wtsapi32.dll        (76F50000 - 76F58000)
WINSTA.dll          (76360000 - 76370000)
NETAPI32.dll        (5B860000 - 5B8B5000)
userenv.dll         (769C0000 - 76A74000)
ACSMDiag.dll        (00BE0000 - 00BF9000)
tbdiag.dll          (6BFA0000 - 6BFBE000)
AcsCmn.dll          (00E20000 - 00E5F000)

PID 1572  - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
WSOCK32.dll         (71AD0000 - 71AD9000)
WS2_32.dll          (71AB0000 - 71AC7000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
msvcrt.dll          (77C10000 - 77C68000)
WS2HELP.dll         (71AA0000 - 71AA8000)
SETUPAPI.dll        (77920000 - 77A13000)
GDI32.dll           (77F10000 - 77F59000)
USER32.dll          (7E410000 - 7E4A1000)
WTSAPI32.dll        (76F50000 - 76F58000)
WINSTA.dll          (76360000 - 76370000)
NETAPI32.dll        (5B860000 - 5B8B5000)
USERENV.dll         (769C0000 - 76A74000)
IMM32.DLL           (76390000 - 763AD000)
NTMARTA.DLL         (77690000 - 776B1000)
ole32.dll           (774E0000 - 7761D000)
SAMLIB.dll          (71BF0000 - 71C03000)
WLDAP32.dll         (76F60000 - 76F8C000)
mswsock.dll         (71A50000 - 71A8F000)
hnetcfg.dll         (662B0000 - 66308000)
wshtcpip.dll        (71A90000 - 71A98000)
WINTRUST.dll        (76C30000 - 76C5E000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
IMAGEHLP.dll        (76C90000 - 76CB8000)
msv1_0.dll          (77C70000 - 77C95000)
cryptdll.dll        (76790000 - 7679C000)
iphlpapi.dll        (76D60000 - 76D79000)
rsaenh.dll          (68000000 - 68036000)

PID 1592  - C:\Program Files\Bonjour\mDNSResponder.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
WS2_32.dll          (71AB0000 - 71AC7000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
msvcrt.dll          (77C10000 - 77C68000)
WS2HELP.dll         (71AA0000 - 71AA8000)
IPHLPAPI.DLL        (76D60000 - 76D79000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
NETAPI32.dll        (5B860000 - 5B8B5000)
POWRPROF.dll        (74AD0000 - 74AD8000)
ole32.dll           (774E0000 - 7761D000)
OLEAUT32.dll        (77120000 - 771AB000)
IMM32.DLL           (76390000 - 763AD000)
rsaenh.dll          (68000000 - 68036000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
SHLWAPI.dll         (77F60000 - 77FD6000)
comctl32.dll        (773D0000 - 774D3000)
comctl32.dll        (5D090000 - 5D12A000)
mswsock.dll         (71A50000 - 71A8F000)
hnetcfg.dll         (662B0000 - 66308000)
wshtcpip.dll        (71A90000 - 71A98000)
MPRAPI.dll          (76D40000 - 76D58000)
ACTIVEDS.dll        (77CC0000 - 77CF2000)
adsldpc.dll         (76E10000 - 76E35000)
WLDAP32.dll         (76F60000 - 76F8C000)
ATL.DLL             (76B20000 - 76B31000)
rtutils.dll         (76E80000 - 76E8E000)
SAMLIB.dll          (71BF0000 - 71C03000)
SETUPAPI.dll        (77920000 - 77A13000)

PID 1632  - C:\WINDOWS\system32\CTsvcCDA.EXE
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
IMM32.DLL           (76390000 - 763AD000)

PID 1672  - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
mscoree.dll         (79000000 - 79046000)
Cannot read memory @00005DC0: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00005DC0
Cannot read memory @00002E90: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00002E90
Cannot read memory @0000B8C0: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0000B8C0
Cannot read memory @00011E10: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00011E10
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0003A580
Cannot read memory @00004850: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00004850
Cannot read memory @00009B90: 8000000D
  Intuit.Spc.Fo_CorDllMain              --[HOOKED]--  @00009B90
  Intuit.Spc.Fo_CorDllMain              --[HOOKED]--  @0006EA10
Cannot read memory @0000E210: 8000000D
  Intuit.Spc.Fo_CorDllMain              --[HOOKED]--  @0000E210
  Intuit.Spc.Fo_CorDllMain              --[HOOKED]--  @00010C40
  System.dll  :_CorDllMain              --[HOOKED]--  @002AC1E0
  System.Config_CorDllMain              --[HOOKED]--  @0005C1D0
  System.Xml.dl_CorDllMain              --[HOOKED]--  @001D65C0
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @000623B0
Cannot read memory @0001D6C0: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0001D6C0
Cannot read memory @0001FFC0: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0001FFC0
  Intuit.Spc.Ma_CorDllMain              --[HOOKED]--  @00071340
  System.Enterp_CorDllMain              --[HOOKED]--  @0003B650
  System.Runtim_CorDllMain              --[HOOKED]--  @000477E0
Cannot read memory @0047C030: 8000000D
  System.Window_CorDllMain              --[HOOKED]--  @0047C030
  System.Drawin_CorDllMain              --[HOOKED]--  @00088BD0
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:35:29 PM

  Intuit.Spc.Ma_CorDllMain              --[HOOKED]--  @001039F8
Cannot read memory @0001AA40: 8000000D
  System.Servic_CorDllMain              --[HOOKED]--  @0001AA40
Cannot read memory @0000B710: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0000B710
Cannot read memory @00011400: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00011400
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00042050
Cannot read memory @00004840: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00004840
  log4net.dll :_CorDllMain              --[HOOKED]--  @00040A90
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @00066650
Cannot read memory @0001D3F0: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0001D3F0
Cannot read memory @0001DB80: 8000000D
  Intuit.Spc.Es_CorDllMain              --[HOOKED]--  @0001DB80
  Intuit.Spc.Ma_CorDllMain              --[HOOKED]--  @00071950
  Intuit.Spc.Ma_CorDllMain              --[HOOKED]--  @00063D24
KERNEL32.dll        (7C800000 - 7C8F6000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
SHLWAPI.dll         (77F60000 - 77FD6000)
GDI32.dll           (77F10000 - 77F59000)
USER32.dll          (7E410000 - 7E4A1000)
msvcrt.dll          (77C10000 - 77C68000)
IMM32.DLL           (76390000 - 763AD000)
mscorwks.dll        (79E70000 - 7A400000)
MSVCR80.dll         (78130000 - 781CB000)
shell32.dll         (7C9C0000 - 7D1D7000)
comctl32.dll        (773D0000 - 774D3000)
comctl32.dll        (5D090000 - 5D12A000)
mscorlib.ni.dll     (790C0000 - 79BB7000)
ole32.dll           (774E0000 - 7761D000)
rsaenh.dll          (68000000 - 68036000)
mscorjit.dll        (79060000 - 790BB000)
System.ni.dll       (7A440000 - 7ABC5000)
System.ServiceProcess.ni.dll(67A20000 - 67A57000)
Intuit.Spc.Esd.WinClient.Application.UpdateService.dll(00A10000 - 00A1A000)
Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll(00C30000 - 00C38000)
shfolder.dll        (76780000 - 76789000)
version.dll         (77C00000 - 77C08000)
Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll(00E10000 - 00E20000)
Intuit.Spc.Esd.Client.Common.dll(00E20000 - 00E36000)
Intuit.Spc.Esd.Core.dll(00E60000 - 00EA0000)
Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll(00EE0000 - 00EEA000)
Intuit.Spc.Foundations.Primary.Logging.dll(11000000 - 1100E000)
Intuit.Spc.Foundations.Portability.dll(00F30000 - 00FA4000)
Intuit.Spc.Foundations.Primary.ExceptionHandling.dll(00FC0000 - 00FD4000)
Intuit.Spc.Foundations.Primary.Config.dll(031A0000 - 031B6000)
System.dll          (03800000 - 03B04000)
System.Configuration.dll(64890000 - 648FC000)
System.Xml.dll      (637A0000 - 63998000)
diasymreader.dll    (5E3A0000 - 5E42D000)
Intuit.Spc.Esd.WinClient.Api.Net.dll(03BA0000 - 03C08000)
Intuit.Spc.Esd.Client.DataAccess.dll(03EF0000 - 03F12000)
Intuit.Spc.Esd.Client.BusinessLogic.dll(03F20000 - 03F44000)
System.Data.SQLite.dll(10000000 - 100BF000)
System.Data.dll     (64E70000 - 65144000)
WS2_32.dll          (71AB0000 - 71AC7000)
WS2HELP.dll         (71AA0000 - 71AA8000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
System.Transactions.dll(67AA0000 - 67AE3000)
Intuit.Spc.Map.Reporter.dll(04430000 - 044A6000)
System.EnterpriseServices.dll(673F0000 - 67432000)
System.EnterpriseServices.Wrapper.dll(04710000 - 04730000)
OLEAUT32.dll        (77120000 - 771AB000)
mswsock.dll         (71A50000 - 71A8F000)
hnetcfg.dll         (662B0000 - 66308000)
wshtcpip.dll        (71A90000 - 71A98000)
System.Runtime.Remoting.dll(67770000 - 677BC000)
System.Windows.Forms.dll(7AFD0000 - 7B49E000)
System.Drawing.dll  (7ADE0000 - 7AE7C000)
Intuit.Spc.Map.WindowsFirewallUtilities.dll(05260000 - 05368000)
CLBCATQ.DLL         (76FD0000 - 7704F000)
COMRes.dll          (77050000 - 77115000)
System.ServiceProcess.dll(050D0000 - 050F0000)
Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll(05390000 - 053A0000)
Intuit.Spc.Esd.Client.Common.dll(053A0000 - 053B6000)
Intuit.Spc.Esd.Core.dll(053E0000 - 05428000)
Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll(05430000 - 0543A000)
log4net.dll         (054D0000 - 05516000)
Intuit.Spc.Esd.WinClient.Api.Net.dll(05740000 - 057AC000)
Intuit.Spc.Esd.Client.DataAccess.dll(05820000 - 05842000)
Intuit.Spc.Esd.Client.BusinessLogic.dll(05880000 - 058A2000)
System.Data.SQLite.dll(05AB0000 - 05B86000)
Intuit.Spc.Map.Reporter.dll(05930000 - 059A6000)
Intuit.Spc.Map.WindowsFirewallUtilities.dll(05EE0000 - 05F48000)
msi.dll             (7D1E0000 - 7D49C000)

PID 1852  - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
RPCRT4.dll          (77E70000 - 77F02000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
Secur32.dll         (77FE0000 - 77FF1000)
CAServer.dll        (10000000 - 10026000)
MSVCP71.dll         (7C3A0000 - 7C41B000)
MSVCR71.dll         (7C340000 - 7C396000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
ole32.dll           (774E0000 - 7761D000)
msvcrt.dll          (77C10000 - 77C68000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
SHLWAPI.dll         (77F60000 - 77FD6000)
OLEAUT32.dll        (77120000 - 771AB000)
IMM32.DLL           (76390000 - 763AD000)
comctl32.dll        (773D0000 - 774D3000)
comctl32.dll        (5D090000 - 5D12A000)

PID 1864  - C:\Program Files\Java\jre6\bin\jqs.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
WS2_32.dll          (71AB0000 - 71AC7000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
msvcrt.dll          (77C10000 - 77C68000)
WS2HELP.dll         (71AA0000 - 71AA8000)
ole32.dll           (774E0000 - 7761D000)
GDI32.dll           (77F10000 - 77F59000)
USER32.dll          (7E410000 - 7E4A1000)
MSVCR71.dll         (7C340000 - 7C396000)
IMM32.DLL           (76390000 - 763AD000)
psapi.dll           (76BF0000 - 76BFB000)
pdh.dll             (74000000 - 74056000)
comdlg32.dll        (763B0000 - 763F9000)
COMCTL32.dll        (5D090000 - 5D12A000)
SHELL32.dll         (7C9C0000 - 7D1D7000)
SHLWAPI.dll         (77F60000 - 77FD6000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
ODBC32.dll          (74320000 - 7435D000)
odbcbcp.dll         (711A0000 - 711A6000)
VERSION.dll         (77C00000 - 77C08000)
OLEAUT32.dll        (77120000 - 771AB000)
comctl32.dll        (773D0000 - 774D3000)
odbcint.dll         (007F0000 - 00807000)
mswsock.dll         (71A50000 - 71A8F000)
hnetcfg.dll         (662B0000 - 66308000)
wshtcpip.dll        (71A90000 - 71A98000)
perfos.dll          (5E760000 - 5E76A000)
perfdisk.dll        (5E790000 - 5E799000)

PID 1892  - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
  CRYPT32.dll :LoadLibraryA             --[HOOKED]--  @00407740 by C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe:
Base address:   00400000
Size:      00026000
Flags:      00005000
Load count:   65535
Name:      SYSCORE
Prod. Version:   (null)
Company:   McAfee, Inc.
File Version:   SYSCORE.14.2.0.866.x86
Description:   McAfee Process Validation Service
Location:   C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
PSAPI.DLL           (76BF0000 - 76BFB000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
  CRYPT32.dll :RegQueryValueExW         --[HOOKED]--  @004076E0 by C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe:
Base address:   00400000
Size:      00026000
Flags:      00005000
Load count:   65535
Name:      SYSCORE
Prod. Version:   (null)
Company:   McAfee, Inc.
File Version:   SYSCORE.14.2.0.866.x86
Description:   McAfee Process Validation Service
Location:   C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
sfc.dll             (76BB0000 - 76BB5000)
sfc_os.dll          (76C60000 - 76C8A000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
WINTRUST.dll        (76C30000 - 76C5E000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
msvcrt.dll          (77C10000 - 77C68000)
IMAGEHLP.dll        (76C90000 - 76CB8000)
ole32.dll           (774E0000 - 7761D000)
IMM32.DLL           (76390000 - 763AD000)
rsaenh.dll          (68000000 - 68036000)
xpsp2res.dll        (00E20000 - 010E5000)
userenv.dll         (769C0000 - 76A74000)
VERSION.dll         (77C00000 - 77C08000)
netapi32.dll        (5B860000 - 5B8B5000)

PID 1916  - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
The code of NtCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 4D - 25 
7C90D0B0: 2F - 00 
7C90D0B1: B5 - 00 
7C90D0B2: 94 - 00 
--> JMP DWORD PTR DS:[11460000]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 4D2FB594  JMP 11460000
Disassembly of hooker:
11460000: 68 25B8E9C4  PUSH C4E9B825
11460005: E8 B4DF4A6B  CALL 7C90DFBE
1146000A: 58           POP EAX
1146000B: C2 2C00      RET 002C
1146000E: C3           RET ; Pop IP
1146000F: 1800         SBB BYTE PTR DS:[EAX],AL
11460011: B8 89000000  MOV EAX, 00000089
11460016: E9 D8D64A6B  JMP 7C90D6F3
1146001B: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: C8 - 2F 
7C90D150: 2E - 00 
7C90D151: B5 - 00 
7C90D152: 94 - 00 
--> JMP DWORD PTR DS:[1146001B]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 C82EB594  JMP 1146001B
Disassembly of hooker:
1146001B: 68 25B8E9C4  PUSH C4E9B825
11460020: E8 99DF4A6B  CALL 7C90DFBE
11460025: 58           POP EAX
11460026: C2 2000      RET 0020
11460029: C3           RET ; Pop IP
1146002A: 1A00         SBB AL,BYTE PTR DS:[EAX]
1146002C: B8 2F000000  MOV EAX, 0000002F
11460031: E9 1DD14A6B  JMP 7C90D153
11460036: 0000         ADD BYTE PTR DS:[EAX],AL
11460038: 0000         ADD BYTE PTR DS:[EAX],AL
1146003A: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: F2 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: B5 - 00 
7C90D6F2: 94 - 00 
--> JMP DWORD PTR DS:[11460FE5]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089

Disassembly new code:
7C90D6EE: E9 F238B594  JMP 11460FE5
Disassembly of hooker:
11460FE5: 68 25B8E9C4  PUSH C4E9B825
11460FEA: E8 CFCF4A6B  CALL 7C90DFBE
11460FEF: 58           POP EAX
11460FF0: C2 1400      RET 0014
11460FF3: C3           RET ; Pop IP
11460FF4: 1900         SBB DWORD PTR DS:[EAX],EAX
11460FF6: 0000         ADD BYTE PTR DS:[EAX],AL
11460FF8: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFA: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFC: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFE: 0000         ADD BYTE PTR DS:[EAX],AL
11461000: 0000         ADD BYTE PTR DS:[EAX],AL
11461002: 0000         ADD BYTE PTR DS:[EAX],AL
11461004: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 4D - 25 
7C90D0B0: 2F - 00 
7C90D0B1: B5 - 00 
7C90D0B2: 94 - 00 
--> JMP DWORD PTR DS:[11460000]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 4D2FB594  JMP 11460000
Disassembly of hooker:
11460000: 68 25B8E9C4  PUSH C4E9B825
11460005: E8 B4DF4A6B  CALL 7C90DFBE
1146000A: 58           POP EAX
1146000B: C2 2C00      RET 002C
1146000E: C3           RET ; Pop IP
1146000F: 1800         SBB BYTE PTR DS:[EAX],AL
11460011: B8 89000000  MOV EAX, 00000089
11460016: E9 D8D64A6B  JMP 7C90D6F3
1146001B: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: C8 - 2F 
7C90D150: 2E - 00 
7C90D151: B5 - 00 
7C90D152: 94 - 00 
--> JMP DWORD PTR DS:[1146001B]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 C82EB594  JMP 1146001B
Disassembly of hooker:
1146001B: 68 25B8E9C4  PUSH C4E9B825
11460020: E8 99DF4A6B  CALL 7C90DFBE
11460025: 58           POP EAX
11460026: C2 2000      RET 0020
11460029: C3           RET ; Pop IP
1146002A: 1A00         SBB AL,BYTE PTR DS:[EAX]
1146002C: B8 2F000000  MOV EAX, 0000002F
11460031: E9 1DD14A6B  JMP 7C90D153
11460036: 0000         ADD BYTE PTR DS:[EAX],AL
11460038: 0000         ADD BYTE PTR DS:[EAX],AL
1146003A: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:36:09 PM

The code of ZwProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: F2 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: B5 - 00 
7C90D6F2: 94 - 00 
--> JMP DWORD PTR DS:[11460FE5]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089

Disassembly new code:
7C90D6EE: E9 F238B594  JMP 11460FE5
Disassembly of hooker:
11460FE5: 68 25B8E9C4  PUSH C4E9B825
11460FEA: E8 CFCF4A6B  CALL 7C90DFBE
11460FEF: 58           POP EAX
11460FF0: C2 1400      RET 0014
11460FF3: C3           RET ; Pop IP
11460FF4: 1900         SBB DWORD PTR DS:[EAX],EAX
11460FF6: 0000         ADD BYTE PTR DS:[EAX],AL
11460FF8: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFA: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFC: 0000         ADD BYTE PTR DS:[EAX],AL
11460FFE: 0000         ADD BYTE PTR DS:[EAX],AL
11461000: 0000         ADD BYTE PTR DS:[EAX],AL
11461002: 0000         ADD BYTE PTR DS:[EAX],AL
11461004: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
kernel32.dll        (7C800000 - 7C8F6000)
The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff:
Address   New-Original
7C801A28: E9 - 8B 
7C801A29: B8 - FF 
7C801A2A: F5 - 55 
7C801A2B: 5B - 8B 
7C801A2C: 84 - EC 
--> JMP DWORD PTR DS:[00DC0FE5]
Disassembly old code:
7C801A28: 8BFF         MOV EDI, EDI
7C801A2A: 55           PUSH EBP
7C801A2B: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A28: E9 B8F55B84  JMP 00DC0FE5
Disassembly of hooker:
00DC0FE5: 68 25B8E9C4  PUSH C4E9B825
00DC0FEA: E8 CFCFB47B  CALL 7C90DFBE
00DC0FEF: 58           POP EAX
00DC0FF0: C2 1C00      RET 001C
00DC0FF3: C3           RET ; Pop IP
00DC0FF4: 07           POP ES ; Pop top stack to ES
00DC0FF5: 0000         ADD BYTE PTR DS:[EAX],AL
00DC0FF7: 0000         ADD BYTE PTR DS:[EAX],AL
00DC0FF9: 0000         ADD BYTE PTR DS:[EAX],AL
00DC0FFB: 0000         ADD BYTE PTR DS:[EAX],AL
00DC0FFD: 0000         ADD BYTE PTR DS:[EAX],AL
00DC0FFF: 0000         ADD BYTE PTR DS:[EAX],AL
00DC1001: 0000         ADD BYTE PTR DS:[EAX],AL
00DC1003: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateFileW at 7C810800 (0) got patched. Here is the diff:
Address   New-Original
7C810800: E9 - 8B 
7C810801: CF - FF 
7C810802: 07 - 55 
7C810803: 5B - 8B 
7C810804: 84 - EC 
--> JMP DWORD PTR DS:[00DC0FD4]
Disassembly old code:
7C810800: 8BFF         MOV EDI, EDI
7C810802: 55           PUSH EBP
7C810803: 8BEC         MOV EBP, ESP

Disassembly new code:
7C810800: E9 CF075B84  JMP 00DC0FD4
Disassembly of hooker:
00DC0FD4: 68 25B8E9C4  PUSH C4E9B825
00DC0FD9: E8 E0CFB47B  CALL 7C90DFBE
00DC0FDE: 58           POP EAX
00DC0FDF: C2 1C00      RET 001C
00DC0FE2: C3           RET ; Pop IP
00DC0FE3: 0800         OR BYTE PTR DS:[EAX],AL
00DC0FE5: 68 25B8E9C4  PUSH C4E9B825
00DC0FEA: E8 CFCFB47B  CALL 7C90DFBE
00DC0FEF: 58           POP EAX
00DC0FF0: C2 1C00      RET 001C
00DC0FF3: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeA at 7C860CDC (0) got patched. Here is the diff:
Address   New-Original
7C860CDC: E9 - 8B 
7C860CDD: E2 - FF 
7C860CDE: 02 - 55 
7C860CDF: 56 - 8B 
7C860CE0: 84 - EC 
--> JMP DWORD PTR DS:[00DC0FC3]
Disassembly old code:
7C860CDC: 8BFF         MOV EDI, EDI
7C860CDE: 55           PUSH EBP
7C860CDF: 8BEC         MOV EBP, ESP

Disassembly new code:
7C860CDC: E9 E2025684  JMP 00DC0FC3
Disassembly of hooker:
00DC0FC3: 68 25B8E9C4  PUSH C4E9B825
00DC0FC8: E8 F1CFB47B  CALL 7C90DFBE
00DC0FCD: 58           POP EAX
00DC0FCE: C2 2000      RET 0020
00DC0FD1: C3           RET ; Pop IP
00DC0FD2: 0900         OR DWORD PTR DS:[EAX],EAX
00DC0FD4: 68 25B8E9C4  PUSH C4E9B825
00DC0FD9: E8 E0CFB47B  CALL 7C90DFBE
00DC0FDE: 58           POP EAX
00DC0FDF: C2 1C00      RET 001C
00DC0FE2: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeW at 7C82F0DD (0) got patched. Here is the diff:
Address   New-Original
7C82F0DD: E9 - 8B 
7C82F0DE: C6 - FF 
7C82F0DF: 1E - 55 
7C82F0E0: 59 - 8B 
7C82F0E1: 84 - EC 
--> JMP DWORD PTR DS:[00DC0FA8]
Disassembly old code:
7C82F0DD: 8BFF         MOV EDI, EDI
7C82F0DF: 55           PUSH EBP
7C82F0E0: 8BEC         MOV EBP, ESP

Disassembly new code:
7C82F0DD: E9 C61E5984  JMP 00DC0FA8
Disassembly of hooker:
00DC0FA8: 68 25B8E9C4  PUSH C4E9B825
00DC0FAD: E8 0CD0B47B  CALL 7C90DFBE
00DC0FB2: 58           POP EAX
00DC0FB3: C2 2000      RET 0020
00DC0FB6: C3           RET ; Pop IP
00DC0FB7: 0A00         OR AL,BYTE PTR DS:[EAX]
00DC0FB9: 8BFF         MOV EDI, EDI
00DC0FBB: 55           PUSH EBP
00DC0FBC: 8BEC         MOV EBP, ESP
00DC0FBE: E9 1EFDA97B  JMP 7C860CE1
00DC0FC3: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreatePipe at 7C81D83F (0) got patched. Here is the diff:
Address   New-Original
7C81D83F: E9 - 8B 
7C81D840: F1 - FF 
7C81D841: 36 - 55 
7C81D842: 5A - 8B 
7C81D843: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F35]
Disassembly old code:
7C81D83F: 8BFF         MOV EDI, EDI
7C81D841: 55           PUSH EBP
7C81D842: 8BEC         MOV EBP, ESP

Disassembly new code:
7C81D83F: E9 F1365A84  JMP 00DC0F35
Disassembly of hooker:
00DC0F35: 68 25B8E9C4  PUSH C4E9B825
00DC0F3A: E8 7FD0B47B  CALL 7C90DFBE
00DC0F3F: 58           POP EAX
00DC0F40: C2 1000      RET 0010
00DC0F43: C3           RET ; Pop IP
00DC0F44: 1100         ADC DWORD PTR DS:[EAX],EAX
00DC0F46: 68 25B8E9C4  PUSH C4E9B825
00DC0F4B: E8 6ED0B47B  CALL 7C90DFBE
00DC0F50: 58           POP EAX
00DC0F51: C2 1400      RET 0014
00DC0F54: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address   New-Original
7C80236B: E9 - 8B 
7C80236C: 99 - FF 
7C80236D: EB - 55 
7C80236E: 5B - 8B 
7C80236F: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F09]
Disassembly old code:
7C80236B: 8BFF         MOV EDI, EDI
7C80236D: 55           PUSH EBP
7C80236E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80236B: E9 99EB5B84  JMP 00DC0F09
Disassembly of hooker:
00DC0F09: 68 25B8E9C4  PUSH C4E9B825
00DC0F0E: E8 ABD0B47B  CALL 7C90DFBE
00DC0F13: 58           POP EAX
00DC0F14: C2 2800      RET 0028
00DC0F17: C3           RET ; Pop IP
00DC0F18: 15 008BFF55  ADC EAX, 55FF8B00
00DC0F1D: 8BEC         MOV EBP, ESP
00DC0F1F: E9 EE15AA7B  JMP 7C862512
00DC0F24: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address   New-Original
7C802336: E9 - 8B 
7C802337: B3 - FF 
7C802338: EB - 55 
7C802339: 5B - 8B 
7C80233A: 84 - EC 
--> JMP DWORD PTR DS:[00DC0EEE]
Disassembly old code:
7C802336: 8BFF         MOV EDI, EDI
7C802338: 55           PUSH EBP
7C802339: 8BEC         MOV EBP, ESP

Disassembly new code:
7C802336: E9 B3EB5B84  JMP 00DC0EEE
Disassembly of hooker:
00DC0EEE: 68 25B8E9C4  PUSH C4E9B825
00DC0EF3: E8 C6D0B47B  CALL 7C90DFBE
00DC0EF8: 58           POP EAX
00DC0EF9: C2 2800      RET 0028
00DC0EFC: C3           RET ; Pop IP
00DC0EFD: 16           PUSH SS ; Push SS register to the stack
00DC0EFE: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
00DC0F04: E9 3214A47B  JMP 7C80233B
00DC0F09: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff:
Address   New-Original
7C80AE40: E9 - 8B 
7C80AE41: 98 - FF 
7C80AE42: 60 - 55 
7C80AE43: 5B - 8B 
7C80AE44: 84 - EC 
--> JMP DWORD PTR DS:[00DC0EDD]
Disassembly old code:
7C80AE40: 8BFF         MOV EDI, EDI
7C80AE42: 55           PUSH EBP
7C80AE43: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AE40: E9 98605B84  JMP 00DC0EDD
Disassembly of hooker:
00DC0EDD: 68 25B8E9C4  PUSH C4E9B825
00DC0EE2: E8 D7D0B47B  CALL 7C90DFBE
00DC0EE7: 58           POP EAX
00DC0EE8: C2 0800      RET 0008
00DC0EEB: C3           RET ; Pop IP
00DC0EEC: 17           POP SS ; Pop top stack to SS
00DC0EED: 006825       ADD BYTE PTR DS:[EAX+25H],CH
00DC0EF0: B8 E9C4E8C6  MOV EAX, C6E8C4E9
00DC0EF5: D0 B47B 58C22800 SAL BYTE PTR DS:[EDI*2+EBX+0028C258H],1
00DC0EFC: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoA at 7C801EF2 (0) got patched. Here is the diff:
Address   New-Original
7C801EF2: E9 - 6A 
7C801EF3: 75 - 18 
7C801EF4: E1 - 68 
--> JMP DWORD PTR DS:[00DC006C]
Disassembly old code:
7C801EF2: 6A18         PUSH 18

Disassembly new code:
7C801EF2: E9 75E15B84  JMP 00DC006C
Disassembly of hooker:
00DC006C: 68 25B8E9C4  PUSH C4E9B825
00DC0071: E8 48DFB47B  CALL 7C90DFBE
00DC0076: 58           POP EAX
00DC0077: C2 0400      RET 0004
00DC007A: C3           RET ; Pop IP
00DC007B: 1200         ADC AL,BYTE PTR DS:[EAX]
00DC007D: 68 25B8E9C4  PUSH C4E9B825
00DC0082: E8 37DFB47B  CALL 7C90DFBE
00DC0087: 58           POP EAX
00DC0088: C2 0400      RET 0004
00DC008B: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoW at 7C801E54 (0) got patched. Here is the diff:
Address   New-Original
7C801E54: E9 - 8B 
7C801E55: 24 - FF 
7C801E56: E2 - 55 
7C801E57: 5B - 8B 
7C801E58: 84 - EC 
--> JMP DWORD PTR DS:[00DC007D]
Disassembly old code:
7C801E54: 8BFF         MOV EDI, EDI
7C801E56: 55           PUSH EBP
7C801E57: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801E54: E9 24E25B84  JMP 00DC007D
Disassembly of hooker:
00DC007D: 68 25B8E9C4  PUSH C4E9B825
00DC0082: E8 37DFB47B  CALL 7C90DFBE
00DC0087: 58           POP EAX
00DC0088: C2 0400      RET 0004
00DC008B: C3           RET ; Pop IP
00DC008C: 1300         ADC EAX,DWORD PTR DS:[EAX]
00DC008E: 8BFF         MOV EDI, EDI
00DC0090: 55           PUSH EBP
00DC0091: 8BEC         MOV EBP, ESP
00DC0093: E9 C11DA47B  JMP 7C801E59
00DC0098: 8BFF         MOV EDI, EDI
00DC009A: 55           PUSH EBP
00DC009B: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff:
Address   New-Original
7C801D7B: E9 - 8B 
7C801D7C: 17 - FF 
7C801D7D: F2 - 55 
7C801D7E: 5B - 8B 
7C801D7F: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F97]
Disassembly old code:
7C801D7B: 8BFF         MOV EDI, EDI
7C801D7D: 55           PUSH EBP
7C801D7E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D7B: E9 17F25B84  JMP 00DC0F97
Disassembly of hooker:
00DC0F97: 68 25B8E9C4  PUSH C4E9B825
00DC0F9C: E8 1DD0B47B  CALL 7C90DFBE
00DC0FA1: 58           POP EAX
00DC0FA2: C2 0400      RET 0004
00DC0FA5: C3           RET ; Pop IP
00DC0FA6: 0B00         OR EAX,DWORD PTR DS:[EAX]
00DC0FA8: 68 25B8E9C4  PUSH C4E9B825
00DC0FAD: E8 0CD0B47B  CALL 7C90DFBE
00DC0FB2: 58           POP EAX
00DC0FB3: C2 2000      RET 0020
00DC0FB6: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff:
Address   New-Original
7C801D53: E9 - 8B 
7C801D54: C6 - FF 
7C801D55: E2 - 55 
7C801D56: 5B - 8B 
7C801D57: 84 - EC 
--> JMP DWORD PTR DS:[00DC001E]
Disassembly old code:
7C801D53: 8BFF         MOV EDI, EDI
7C801D55: 55           PUSH EBP
7C801D56: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D53: E9 C6E25B84  JMP 00DC001E
Disassembly of hooker:
00DC001E: 68 25B8E9C4  PUSH C4E9B825
00DC0023: E8 96DFB47B  CALL 7C90DFBE
00DC0028: 58           POP EAX
00DC0029: C2 0C00      RET 000C
00DC002C: C3           RET ; Pop IP
00DC002D: 0D 006825B8  OR EAX, B8256800
00DC0032: E9 C4E885DF  JMP E061E8FB
00DC0037: B47B         MOV AH, 7B
00DC0039: 58           POP EAX
00DC003A: C2 0C00      RET 000C
00DC003D: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff:
Address   New-Original
7C801AF5: E9 - 6A 
7C801AF6: 35 - 34 
7C801AF7: E5 - 68 
--> JMP DWORD PTR DS:[00DC002F]
Disassembly old code:
7C801AF5: 6A34         PUSH 34

Disassembly new code:
7C801AF5: E9 35E55B84  JMP 00DC002F
Disassembly of hooker:
00DC002F: 68 25B8E9C4  PUSH C4E9B825
00DC0034: E8 85DFB47B  CALL 7C90DFBE
00DC0039: 58           POP EAX
00DC003A: C2 0C00      RET 000C
00DC003D: C3           RET ; Pop IP
00DC003E: 0E           PUSH CS ; Push CS register to the stack
00DC003F: 006A34       ADD BYTE PTR DS:[EDX+34H],CH
00DC0042: 68 F8E0807C  PUSH 7C80E0F8
00DC0047: E9 B01AA47B  JMP 7C801AFC
00DC004C: 8BFF         MOV EDI, EDI
00DC004E: 55           PUSH EBP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff:
Address   New-Original
7C80AEEB: E9 - 8B 
7C80AEEC: 96 - FF 
7C80AEED: 60 - 55 
7C80AEEE: 5B - 8B 
7C80AEEF: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F86]
Disassembly old code:
7C80AEEB: 8BFF         MOV EDI, EDI
7C80AEED: 55           PUSH EBP
7C80AEEE: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AEEB: E9 96605B84  JMP 00DC0F86
Disassembly of hooker:
00DC0F86: 68 25B8E9C4  PUSH C4E9B825
00DC0F8B: E8 2ED0B47B  CALL 7C90DFBE
00DC0F90: 58           POP EAX
00DC0F91: C2 0400      RET 0004
00DC0F94: C3           RET ; Pop IP
00DC0F95: 0C00         OR AL, 00
00DC0F97: 68 25B8E9C4  PUSH C4E9B825
00DC0F9C: E8 1DD0B47B  CALL 7C90DFBE
00DC0FA1: 58           POP EAX
00DC0FA2: C2 0400      RET 0004
00DC0FA5: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff:
Address   New-Original
7C801AD4: E9 - 8B 
7C801AD5: 88 - FF 
7C801AD6: F4 - 55 
7C801AD7: 5B - 8B 
7C801AD8: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F61]
Disassembly old code:
7C801AD4: 8BFF         MOV EDI, EDI
7C801AD6: 55           PUSH EBP
7C801AD7: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801AD4: E9 88F45B84  JMP 00DC0F61
Disassembly of hooker:
00DC0F61: 68 25B8E9C4  PUSH C4E9B825
00DC0F66: E8 53D0B47B  CALL 7C90DFBE
00DC0F6B: 58           POP EAX
00DC0F6C: C2 1000      RET 0010
00DC0F6F: C3           RET ; Pop IP
00DC0F70: 0F008B FF558BEC STR WORD PTR DS:[EBX+EC8B55FF]
00DC0F77: E9 DC0DA47B  JMP 7C801D58
00DC0F7C: 8BFF         MOV EDI, EDI
00DC0F7E: 55           PUSH EBP
00DC0F7F: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtectEx at 7C801A61 (0) got patched. Here is the diff:
Address   New-Original
7C801A61: E9 - 8B 
7C801A62: E0 - FF 
7C801A63: F4 - 55 
7C801A64: 5B - 8B 
7C801A65: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F46]
Disassembly old code:
7C801A61: 8BFF         MOV EDI, EDI
7C801A63: 55           PUSH EBP
7C801A64: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A61: E9 E0F45B84  JMP 00DC0F46
Disassembly of hooker:
00DC0F46: 68 25B8E9C4  PUSH C4E9B825
00DC0F4B: E8 6ED0B47B  CALL 7C90DFBE
00DC0F50: 58           POP EAX
00DC0F51: C2 1400      RET 0014
00DC0F54: C3           RET ; Pop IP
00DC0F55: 1000         ADC BYTE PTR DS:[EAX],AL
00DC0F57: 8BFF         MOV EDI, EDI
00DC0F59: 55           PUSH EBP
00DC0F5A: 8BEC         MOV EBP, ESP
00DC0F5C: E9 050BA47B  JMP 7C801A66
00DC0F61: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:36:51 PM

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of WinExec at 7C86250D (0) got patched. Here is the diff:
Address   New-Original
7C86250D: E9 - 8B 
7C86250E: 12 - FF 
7C86250F: EA - 55 
7C862510: 55 - 8B 
7C862511: 84 - EC 
--> JMP DWORD PTR DS:[00DC0F24]
Disassembly old code:
7C86250D: 8BFF         MOV EDI, EDI
7C86250F: 55           PUSH EBP
7C862510: 8BEC         MOV EBP, ESP

Disassembly new code:
7C86250D: E9 12EA5584  JMP 00DC0F24
Disassembly of hooker:
00DC0F24: 68 25B8E9C4  PUSH C4E9B825
00DC0F29: E8 90D0B47B  CALL 7C90DFBE
00DC0F2E: 58           POP EAX
00DC0F2F: C2 0800      RET 0008
00DC0F32: C3           RET ; Pop IP
00DC0F33: 1400         ADC AL, 00
00DC0F35: 68 25B8E9C4  PUSH C4E9B825
00DC0F3A: E8 7FD0B47B  CALL 7C90DFBE
00DC0F3F: 58           POP EAX
00DC0F40: C2 1000      RET 0010
00DC0F43: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.DLL        (77DD0000 - 77E6B000)
The code of RegCreateKeyA at 77DFBCF3 (0) got patched. Here is the diff:
Address   New-Original
77DFBCF3: E9 - 8B 
77DFBCF4: AD - FF 
77DFBCF5: 52 - 55 
77DFBCF6: FB - 8B 
77DFBCF7: 88 - EC 
--> JMP DWORD PTR DS:[00DB0FA5]
Disassembly old code:
77DFBCF3: 8BFF         MOV EDI, EDI
77DFBCF5: 55           PUSH EBP
77DFBCF6: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBCF3: E9 AD52FB88  JMP 00DB0FA5
Disassembly of hooker:
00DB0FA5: 68 25B8E9C4  PUSH C4E9B825
00DB0FAA: E8 0FD0B57B  CALL 7C90DFBE
00DB0FAF: 58           POP EAX
00DB0FB0: C2 0C00      RET 000C
00DB0FB3: C3           RET ; Pop IP
00DB0FB4: 05 008BFF55  ADD EAX, 55FF8B00
00DB0FB9: 8BEC         MOV EBP, ESP
00DB0FBB: E9 38AD0477  JMP 77DFBCF8
00DB0FC0: 8BFF         MOV EDI, EDI
00DB0FC2: 55           PUSH EBP
00DB0FC3: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExA at 77DDE9F4 (0) got patched. Here is the diff:
Address   New-Original
77DDE9F4: E9 - 8B 
77DDE9F5: 87 - FF 
77DDE9F6: 25 - 55 
77DDE9F7: FD - 8B 
77DDE9F8: 88 - EC 
--> JMP DWORD PTR DS:[00DB0F80]
Disassembly old code:
77DDE9F4: 8BFF         MOV EDI, EDI
77DDE9F6: 55           PUSH EBP
77DDE9F7: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDE9F4: E9 8725FD88  JMP 00DB0F80
Disassembly of hooker:
00DB0F80: 68 25B8E9C4  PUSH C4E9B825
00DB0F85: E8 34D0B57B  CALL 7C90DFBE
00DB0F8A: 58           POP EAX
00DB0F8B: C2 2400      RET 0024
00DB0F8E: C3           RET ; Pop IP
00DB0F8F: 2200         AND AL,BYTE PTR DS:[EAX]
00DB0F91: 8BFF         MOV EDI, EDI
00DB0F93: 55           PUSH EBP
00DB0F94: 8BEC         MOV EBP, ESP
00DB0F96: E9 5EDA0277  JMP 77DDE9F9
00DB0F9B: 8BFF         MOV EDI, EDI
00DB0F9D: 55           PUSH EBP
00DB0F9E: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExW at 77DD776C (0) got patched. Here is the diff:
Address   New-Original
77DD776C: E9 - 8B 
77DD776D: F4 - FF 
77DD776E: 97 - 55 
77DD776F: FD - 8B 
77DD7770: 88 - EC 
--> JMP DWORD PTR DS:[00DB0F65]
Disassembly old code:
77DD776C: 8BFF         MOV EDI, EDI
77DD776E: 55           PUSH EBP
77DD776F: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD776C: E9 F497FD88  JMP 00DB0F65
Disassembly of hooker:
00DB0F65: 68 25B8E9C4  PUSH C4E9B825
00DB0F6A: E8 4FD0B57B  CALL 7C90DFBE
00DB0F6F: 58           POP EAX
00DB0F70: C2 2400      RET 0024
00DB0F73: C3           RET ; Pop IP
00DB0F74: 2300         AND EAX,DWORD PTR DS:[EAX]
00DB0F76: 8BFF         MOV EDI, EDI
00DB0F78: 55           PUSH EBP
00DB0F79: 8BEC         MOV EBP, ESP
00DB0F7B: E9 F1670277  JMP 77DD7771
00DB0F80: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyW at 77DFBA55 (0) got patched. Here is the diff:
Address   New-Original
77DFBA55: E9 - 8B 
77DFBA56: D2 - FF 
77DFBA57: 45 - 55 
77DFBA58: FB - 8B 
77DFBA59: 88 - EC 
--> JMP DWORD PTR DS:[00DB002C]
Disassembly old code:
77DFBA55: 8BFF         MOV EDI, EDI
77DFBA57: 55           PUSH EBP
77DFBA58: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBA55: E9 D245FB88  JMP 00DB002C
Disassembly of hooker:
00DB002C: 68 25B8E9C4  PUSH C4E9B825
00DB0031: E8 88DFB57B  CALL 7C90DFBE
00DB0036: 58           POP EAX
00DB0037: C2 0C00      RET 000C
00DB003A: C3           RET ; Pop IP
00DB003B: 06           PUSH ES ; Push ES register to the stack
00DB003C: 0000         ADD BYTE PTR DS:[EAX],AL
00DB003E: 0000         ADD BYTE PTR DS:[EAX],AL
00DB0040: 0000         ADD BYTE PTR DS:[EAX],AL
00DB0042: 0000         ADD BYTE PTR DS:[EAX],AL
00DB0044: 0000         ADD BYTE PTR DS:[EAX],AL
00DB0046: 0000         ADD BYTE PTR DS:[EAX],AL
00DB0048: 0000         ADD BYTE PTR DS:[EAX],AL
00DB004A: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyA at 77DDEFC8 (0) got patched. Here is the diff:
Address   New-Original
77DDEFC8: E9 - 8B 
77DDEFC9: 22 - FF 
77DDEFCA: 20 - 55 
77DDEFCB: FD - 8B 
77DDEFCC: 88 - EC 
--> JMP DWORD PTR DS:[00DB0FEF]
Disassembly old code:
77DDEFC8: 8BFF         MOV EDI, EDI
77DDEFCA: 55           PUSH EBP
77DDEFCB: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDEFC8: E9 2220FD88  JMP 00DB0FEF
Disassembly of hooker:
00DB0FEF: 68 25B8E9C4  PUSH C4E9B825
00DB0FF4: E8 C5CFB57B  CALL 7C90DFBE
00DB0FF9: 58           POP EAX
00DB0FFA: C2 0C00      RET 000C
00DB0FFD: C3           RET ; Pop IP
00DB0FFE: 0100         ADD DWORD PTR DS:[EAX],EAX
00DB1000: 0000         ADD BYTE PTR DS:[EAX],AL
00DB1002: 0000         ADD BYTE PTR DS:[EAX],AL
00DB1004: 0000         ADD BYTE PTR DS:[EAX],AL
00DB1006: 0000         ADD BYTE PTR DS:[EAX],AL
00DB1008: 0000         ADD BYTE PTR DS:[EAX],AL
00DB100A: 0000         ADD BYTE PTR DS:[EAX],AL
00DB100C: 0000         ADD BYTE PTR DS:[EAX],AL
00DB100E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExA at 77DD7852 (0) got patched. Here is the diff:
Address   New-Original
77DD7852: E9 - 8B 
77DD7853: B3 - FF 
77DD7854: 87 - 55 
77DD7855: FD - 8B 
77DD7856: 88 - EC 
--> JMP DWORD PTR DS:[00DB000A]
Disassembly old code:
77DD7852: 8BFF         MOV EDI, EDI
77DD7854: 55           PUSH EBP
77DD7855: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7852: E9 B387FD88  JMP 00DB000A
Disassembly of hooker:
00DB000A: 68 25B8E9C4  PUSH C4E9B825
00DB000F: E8 AADFB57B  CALL 7C90DFBE
00DB0014: 58           POP EAX
00DB0015: C2 1400      RET 0014
00DB0018: C3           RET ; Pop IP
00DB0019: 0300         ADD EAX,DWORD PTR DS:[EAX]
00DB001B: 68 25B8E9C4  PUSH C4E9B825
00DB0020: E8 99DFB57B  CALL 7C90DFBE
00DB0025: 58           POP EAX
00DB0026: C2 1400      RET 0014
00DB0029: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExW at 77DD6AAF (0) got patched. Here is the diff:
Address   New-Original
77DD6AAF: E9 - 8B 
77DD6AB0: 67 - FF 
77DD6AB1: 95 - 55 
77DD6AB2: FD - 8B 
77DD6AB3: 88 - EC 
--> JMP DWORD PTR DS:[00DB001B]
Disassembly old code:
77DD6AAF: 8BFF         MOV EDI, EDI
77DD6AB1: 55           PUSH EBP
77DD6AB2: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD6AAF: E9 6795FD88  JMP 00DB001B
Disassembly of hooker:
00DB001B: 68 25B8E9C4  PUSH C4E9B825
00DB0020: E8 99DFB57B  CALL 7C90DFBE
00DB0025: 58           POP EAX
00DB0026: C2 1400      RET 0014
00DB0029: C3           RET ; Pop IP
00DB002A: 0400         ADD AL, 00
00DB002C: 68 25B8E9C4  PUSH C4E9B825
00DB0031: E8 88DFB57B  CALL 7C90DFBE
00DB0036: 58           POP EAX
00DB0037: C2 0C00      RET 000C
00DB003A: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyW at 77DD7946 (0) got patched. Here is the diff:
Address   New-Original
77DD7946: E9 - 8B 
77DD7947: 89 - FF 
77DD7948: 96 - 55 
77DD7949: FD - 8B 
77DD794A: 88 - EC 
--> JMP DWORD PTR DS:[00DB0FD4]
Disassembly old code:
77DD7946: 8BFF         MOV EDI, EDI
77DD7948: 55           PUSH EBP
77DD7949: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7946: E9 8996FD88  JMP 00DB0FD4
Disassembly of hooker:
00DB0FD4: 68 25B8E9C4  PUSH C4E9B825
00DB0FD9: E8 E0CFB57B  CALL 7C90DFBE
00DB0FDE: 58           POP EAX
00DB0FDF: C2 0C00      RET 000C
00DB0FE2: C3           RET ; Pop IP
00DB0FE3: 0200         ADD AL,BYTE PTR DS:[EAX]
00DB0FE5: 8BFF         MOV EDI, EDI
00DB0FE7: 55           PUSH EBP
00DB0FE8: 8BEC         MOV EBP, ESP
00DB0FEA: E9 5C690277  JMP 77DD794B
00DB0FEF: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
USER32.DLL          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
OPENDS60.DLL        (41060000 - 41066000)
MSVCRT.DLL          (77C10000 - 77C68000)
The code of _creat at 77C2D40F (0) got patched. Here is the diff:
Address   New-Original
77C2D40F: E9 - 8B 
77C2D410: 04 - FF 
77C2D411: 2C - 55 
77C2D412: B4 - 8B 
77C2D413: 99 - EC 
--> JMP DWORD PTR DS:[11770018]
Disassembly old code:
77C2D40F: 8BFF         MOV EDI, EDI
77C2D411: 55           PUSH EBP
77C2D412: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2D40F: E9 042CB499  JMP 11770018
Disassembly of hooker:
11770018: 68 25B8E9C4  PUSH C4E9B825
1177001D: E8 9CDF196B  CALL 7C90DFBE
11770022: 58           POP EAX
11770023: C2 0000      RET 0000
11770026: C3           RET ; Pop IP
11770027: 1E           PUSH DS ; Push DS register to the stack
11770028: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
1177002E: E9 E1D34B66  JMP 77C2D414
11770033: 8BFF         MOV EDI, EDI
11770035: 55           PUSH EBP
11770036: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _open at 77C2F566 (0) got patched. Here is the diff:
Address   New-Original
77C2F566: E9 - 6A 
77C2F567: 84 - 14 
77C2F568: 1A - 68 
--> JMP DWORD PTR DS:[11770FEF]
Disassembly old code:
77C2F566: 6A14         PUSH 14

Disassembly new code:
77C2F566: E9 841AB499  JMP 11770FEF
Disassembly of hooker:
11770FEF: 68 25B8E9C4  PUSH C4E9B825
11770FF4: E8 C5CF196B  CALL 7C90DFBE
11770FF9: 58           POP EAX
11770FFA: C2 0000      RET 0000
11770FFD: C3           RET ; Pop IP
11770FFE: 1C00         SBB AL, 00
11771000: 0000         ADD BYTE PTR DS:[EAX],AL
11771002: 0000         ADD BYTE PTR DS:[EAX],AL
11771004: 0000         ADD BYTE PTR DS:[EAX],AL
11771006: 0000         ADD BYTE PTR DS:[EAX],AL
11771008: 0000         ADD BYTE PTR DS:[EAX],AL
1177100A: 0000         ADD BYTE PTR DS:[EAX],AL
1177100C: 0000         ADD BYTE PTR DS:[EAX],AL
1177100E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wcreat at 77C2FC9B (0) got patched. Here is the diff:
Address   New-Original
77C2FC9B: E9 - 8B 
77C2FC9C: 23 - FF 
77C2FC9D: 13 - 55 
77C2FC9E: B4 - 8B 
77C2FC9F: 99 - EC 
--> JMP DWORD PTR DS:[11770FC3]
Disassembly old code:
77C2FC9B: 8BFF         MOV EDI, EDI
77C2FC9D: 55           PUSH EBP
77C2FC9E: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2FC9B: E9 2313B499  JMP 11770FC3
Disassembly of hooker:
11770FC3: 68 25B8E9C4  PUSH C4E9B825
11770FC8: E8 F1CF196B  CALL 7C90DFBE
11770FCD: 58           POP EAX
11770FCE: C2 0000      RET 0000
11770FD1: C3           RET ; Pop IP
11770FD2: 1F           POP DS ; Pop top stack to DS
11770FD3: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
11770FD9: E9 C2EC4B66  JMP 77C2FCA0
11770FDE: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wopen at 77C30055 (0) got patched. Here is the diff:
Address   New-Original
77C30055: E9 - 6A 
77C30056: 84 - 14 
77C30057: 0F - 68 
--> JMP DWORD PTR DS:[11770FDE]
Disassembly old code:
77C30055: 6A14         PUSH 14

Disassembly new code:
77C30055: E9 840FB499  JMP 11770FDE
Disassembly of hooker:
11770FDE: 68 25B8E9C4  PUSH C4E9B825
11770FE3: E8 D6CF196B  CALL 7C90DFBE
11770FE8: 58           POP EAX
11770FE9: C2 0000      RET 0000
11770FEC: C3           RET ; Pop IP
11770FED: 1D 006825B8  SBB EAX, B8256800
11770FF2: E9 C4E8C5CF  JMP E13CF8BB
11770FF7: 196B58       SBB DWORD PTR DS:[EBX+58H],EBP
11770FFA: C2 0000      RET 0000
11770FFD: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _wsystem at 77C2931E (0) got patched. Here is the diff:
Address   New-Original
77C2931E: E9 - 8B 
77C2931F: 8F - FF 
77C29320: 7C - 55 
77C29321: B4 - 8B 
77C29322: 99 - EC 
--> JMP DWORD PTR DS:[11770FB2]
Disassembly old code:
77C2931E: 8BFF         MOV EDI, EDI
77C29320: 55           PUSH EBP
77C29321: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2931E: E9 8F7CB499  JMP 11770FB2
Disassembly of hooker:
11770FB2: 68 25B8E9C4  PUSH C4E9B825
11770FB7: E8 02D0196B  CALL 7C90DFBE
11770FBC: 58           POP EAX
11770FBD: C2 0000      RET 0000
11770FC0: C3           RET ; Pop IP
11770FC1: 2100         AND DWORD PTR DS:[EAX],EAX
11770FC3: 68 25B8E9C4  PUSH C4E9B825
11770FC8: E8 F1CF196B  CALL 7C90DFBE
11770FCD: 58           POP EAX
11770FCE: C2 0000      RET 0000
11770FD1: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of system at 77C293C7 (0) got patched. Here is the diff:
Address   New-Original
77C293C7: E9 - 8B 
77C293C8: 71 - FF 
77C293C9: 6C - 55 
77C293CA: B4 - 8B 
77C293CB: 99 - EC 
--> JMP DWORD PTR DS:[1177003D]
Disassembly old code:
77C293C7: 8BFF         MOV EDI, EDI
77C293C9: 55           PUSH EBP
77C293CA: 8BEC         MOV EBP, ESP

Disassembly new code:
77C293C7: E9 716CB499  JMP 1177003D
Disassembly of hooker:
1177003D: 68 25B8E9C4  PUSH C4E9B825
11770042: E8 77DF196B  CALL 7C90DFBE
11770047: 58           POP EAX
11770048: C2 0000      RET 0000
1177004B: C3           RET ; Pop IP
1177004C: 2000         AND BYTE PTR DS:[EAX],AL
1177004E: 0000         ADD BYTE PTR DS:[EAX],AL
11770050: 0000         ADD BYTE PTR DS:[EAX],AL
11770052: 0000         ADD BYTE PTR DS:[EAX],AL
11770054: 0000         ADD BYTE PTR DS:[EAX],AL
11770056: 0000         ADD BYTE PTR DS:[EAX],AL
11770058: 0000         ADD BYTE PTR DS:[EAX],AL
1177005A: 0000         ADD BYTE PTR DS:[EAX],AL
1177005C: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
UMS.DLL             (41070000 - 4107C000)
SQLSORT.DLL         (42AE0000 - 42B70000)
MSVCIRT.DLL         (002B0000 - 002C1000)
IMM32.DLL           (76390000 - 763AD000)
sqlevn70.RLL        (10000000 - 10007000)
NETAPI32.DLL        (10950000 - 109A5000)
SSNETLIB.dll        (00CD0000 - 00CE5000)
WSOCK32.dll         (00CF0000 - 00CF9000)
WS2_32.dll          (00D00000 - 00D17000)
The code of socket at 00D04211 (0) got patched. Here is the diff:
Address   New-Original
00D04211: E9 - 8B 
00D04212: EA - FF 
00D04213: BD - 55 
00D04214: A5 - 8B 
00D04215: 10 - EC 
--> JMP DWORD PTR DS:[11760000]
Disassembly old code:
00D04211: 8BFF         MOV EDI, EDI
00D04213: 55           PUSH EBP
00D04214: 8BEC         MOV EBP, ESP

Disassembly new code:
00D04211: E9 EABDA510  JMP 11760000
Disassembly of hooker:
11760000: 68 25B8E9C4  PUSH C4E9B825
11760005: E8 B4DF1A6B  CALL 7C90DFBE
1176000A: 58           POP EAX
1176000B: C2 0C00      RET 000C
1176000E: C3           RET ; Pop IP
1176000F: 1B00         SBB EAX,DWORD PTR DS:[EAX]
11760011: 8BFF         MOV EDI, EDI
11760013: 55           PUSH EBP
11760014: 8BEC         MOV EBP, ESP
11760016: E9 FB415AEF  JMP 00D04216
1176001B: 0000         ADD BYTE PTR DS:[EAX],AL
1176001D: 0000         ADD BYTE PTR DS:[EAX],AL
1176001F: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:37:32 PM

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
WS2HELP.dll         (00D20000 - 00D28000)
security.dll        (113A0000 - 113A4000)
VERSION.dll         (11470000 - 11478000)
SSmsLPCn.dll        (113B0000 - 113B8000)
ntdsapi.dll         (11440000 - 11453000)
DNSAPI.dll          (11480000 - 114A7000)
WLDAP32.dll         (114B0000 - 114DC000)

PID 1956  - C:\WINDOWS\system32\nvsvc32.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
USERENV.dll         (769C0000 - 76A74000)
msvcrt.dll          (77C10000 - 77C68000)
POWRPROF.dll        (74AD0000 - 74AD8000)
IMM32.DLL           (76390000 - 763AD000)
wtsapi32.dll        (76F50000 - 76F58000)
WINSTA.dll          (76360000 - 76370000)
NETAPI32.dll        (5B860000 - 5B8B5000)
SHLWAPI.dll         (77F60000 - 77FD6000)
COMCTL32.dll        (5D090000 - 5D12A000)
comctl32.dll        (773D0000 - 774D3000)
msctfime.ime        (755C0000 - 755EE000)
ole32.dll           (774E0000 - 7761D000)
WINTRUST.dll        (76C30000 - 76C5E000)
CRYPT32.dll         (77A80000 - 77B15000)
MSASN1.dll          (77B20000 - 77B32000)
IMAGEHLP.dll        (76C90000 - 76CB8000)
msv1_0.dll          (77C70000 - 77C95000)
cryptdll.dll        (76790000 - 7679C000)
iphlpapi.dll        (76D60000 - 76D79000)
WS2_32.dll          (71AB0000 - 71AC7000)
WS2HELP.dll         (71AA0000 - 71AA8000)
VERSION.dll         (77C00000 - 77C08000)
Apphelp.dll         (77B40000 - 77B62000)

PID 1968  - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
-------------------------------------------------------------------------------

PID 2004  - C:\WINDOWS\wanmpsvc.exe
-------------------------------------------------------------------------------

PID 116   - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
-------------------------------------------------------------------------------

PID 280   - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
-------------------------------------------------------------------------------

PID 344   - C:\WINDOWS\Explorer.EXE
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
The code of NtCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 4D - 25 
7C90D0B0: 2F - 00 
7C90D0B1: 78 - 00 
7C90D0B2: 83 - 00 
--> JMP DWORD PTR DS:[00090000]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 4D2F7883  JMP 00090000
Disassembly of hooker:
00090000: 68 25B8E9C4  PUSH C4E9B825
00090005: E8 B4DF877C  CALL 7C90DFBE
0009000A: 58           POP EAX
0009000B: C2 2C00      RET 002C
0009000E: C3           RET ; Pop IP
0009000F: 0100         ADD DWORD PTR DS:[EAX],EAX
00090011: 0000         ADD BYTE PTR DS:[EAX],AL
00090013: 0000         ADD BYTE PTR DS:[EAX],AL
00090015: 0000         ADD BYTE PTR DS:[EAX],AL
00090017: 0000         ADD BYTE PTR DS:[EAX],AL
00090019: 0000         ADD BYTE PTR DS:[EAX],AL
0009001B: 0000         ADD BYTE PTR DS:[EAX],AL
0009001D: 0000         ADD BYTE PTR DS:[EAX],AL
0009001F: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: 6D - 2F 
7C90D150: 3E - 00 
7C90D151: 78 - 00 
7C90D152: 83 - 00 
--> JMP DWORD PTR DS:[00090FC0]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 6D3E7883  JMP 00090FC0
Disassembly of hooker:
00090FC0: 68 25B8E9C4  PUSH C4E9B825
00090FC5: E8 F4CF877C  CALL 7C90DFBE
00090FCA: 58           POP EAX
00090FCB: C2 2000      RET 0020
00090FCE: C3           RET ; Pop IP
00090FCF: 0300         ADD EAX,DWORD PTR DS:[EAX]
00090FD1: B8 2F000000  MOV EAX, 0000002F
00090FD6: E9 78C1877C  JMP 7C90D153
00090FDB: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of NtProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: E8 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: 78 - 00 
7C90D6F2: 83 - 00 
--> JMP DWORD PTR DS:[00090FDB]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089

Disassembly new code:
7C90D6EE: E9 E8387883  JMP 00090FDB
Disassembly of hooker:
00090FDB: 68 25B8E9C4  PUSH C4E9B825
00090FE0: E8 D9CF877C  CALL 7C90DFBE
00090FE5: 58           POP EAX
00090FE6: C2 1400      RET 0014
00090FE9: C3           RET ; Pop IP
00090FEA: 0200         ADD AL,BYTE PTR DS:[EAX]
00090FEC: B8 89000000  MOV EAX, 00000089
00090FF1: E9 FDC6877C  JMP 7C90D6F3
00090FF6: B8 25000000  MOV EAX, 00000025
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateFile at 7C90D0AE (0) got patched. Here is the diff:
Address   New-Original
7C90D0AE: E9 - B8 
7C90D0AF: 4D - 25 
7C90D0B0: 2F - 00 
7C90D0B1: 78 - 00 
7C90D0B2: 83 - 00 
--> JMP DWORD PTR DS:[00090000]
Disassembly old code:
7C90D0AE: B8 25000000  MOV EAX, 00000025

Disassembly new code:
7C90D0AE: E9 4D2F7883  JMP 00090000
Disassembly of hooker:
00090000: 68 25B8E9C4  PUSH C4E9B825
00090005: E8 B4DF877C  CALL 7C90DFBE
0009000A: 58           POP EAX
0009000B: C2 2C00      RET 002C
0009000E: C3           RET ; Pop IP
0009000F: 0100         ADD DWORD PTR DS:[EAX],EAX
00090011: 0000         ADD BYTE PTR DS:[EAX],AL
00090013: 0000         ADD BYTE PTR DS:[EAX],AL
00090015: 0000         ADD BYTE PTR DS:[EAX],AL
00090017: 0000         ADD BYTE PTR DS:[EAX],AL
00090019: 0000         ADD BYTE PTR DS:[EAX],AL
0009001B: 0000         ADD BYTE PTR DS:[EAX],AL
0009001D: 0000         ADD BYTE PTR DS:[EAX],AL
0009001F: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwCreateProcess at 7C90D14E (0) got patched. Here is the diff:
Address   New-Original
7C90D14E: E9 - B8 
7C90D14F: 6D - 2F 
7C90D150: 3E - 00 
7C90D151: 78 - 00 
7C90D152: 83 - 00 
--> JMP DWORD PTR DS:[00090FC0]
Disassembly old code:
7C90D14E: B8 2F000000  MOV EAX, 0000002F

Disassembly new code:
7C90D14E: E9 6D3E7883  JMP 00090FC0
Disassembly of hooker:
00090FC0: 68 25B8E9C4  PUSH C4E9B825
00090FC5: E8 F4CF877C  CALL 7C90DFBE
00090FCA: 58           POP EAX
00090FCB: C2 2000      RET 0020
00090FCE: C3           RET ; Pop IP
00090FCF: 0300         ADD EAX,DWORD PTR DS:[EAX]
00090FD1: B8 2F000000  MOV EAX, 0000002F
00090FD6: E9 78C1877C  JMP 7C90D153
00090FDB: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of ZwProtectVirtualMemory at 7C90D6EE (0) got patched. Here is the diff:
Address   New-Original
7C90D6EE: E9 - B8 
7C90D6EF: E8 - 89 
7C90D6F0: 38 - 00 
7C90D6F1: 78 - 00 
7C90D6F2: 83 - 00 
--> JMP DWORD PTR DS:[00090FDB]
Disassembly old code:
7C90D6EE: B8 89000000  MOV EAX, 00000089

Disassembly new code:
7C90D6EE: E9 E8387883  JMP 00090FDB
Disassembly of hooker:
00090FDB: 68 25B8E9C4  PUSH C4E9B825
00090FE0: E8 D9CF877C  CALL 7C90DFBE
00090FE5: 58           POP EAX
00090FE6: C2 1400      RET 0014
00090FE9: C3           RET ; Pop IP
00090FEA: 0200         ADD AL,BYTE PTR DS:[EAX]
00090FEC: B8 89000000  MOV EAX, 00000089
00090FF1: E9 FDC6877C  JMP 7C90D6F3
00090FF6: B8 25000000  MOV EAX, 00000025
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
kernel32.dll        (7C800000 - 7C8F6000)
  Explorer.EXE:GetProcAddress           --[HOOKED]--  @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address:   5CB70000
Size:      00026000
Flags:      8000400C
Load count:   1
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5512
Company:   Microsoft Corporation
File Version:   5.1.2600.5512 (xpsp.080413-2105)
Description:   Shim Engine DLL
Location:   C:\WINDOWS\system32\ShimEng.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  ADVAPI32.dll:GetProcAddress           --[HOOKED]--  @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateFileA at 7C801A28 (0) got patched. Here is the diff:
Address   New-Original
7C801A28: E9 - 8B 
7C801A29: D3 - FF 
7C801A2A: E5 - 55 
7C801A2B: 9A - 8B 
7C801A2C: 83 - EC 
--> JMP DWORD PTR DS:[001B0000]
Disassembly old code:
7C801A28: 8BFF         MOV EDI, EDI
7C801A2A: 55           PUSH EBP
7C801A2B: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A28: E9 D3E59A83  JMP 001B0000
Disassembly of hooker:
001B0000: 68 25B8E9C4  PUSH C4E9B825
001B0005: E8 B4DF757C  CALL 7C90DFBE
001B000A: 58           POP EAX
001B000B: C2 1C00      RET 001C
001B000E: C3           RET ; Pop IP
001B000F: 0400         ADD AL, 00
001B0011: 68 25B8E9C4  PUSH C4E9B825
001B0016: E8 A3DF757C  CALL 7C90DFBE
001B001B: 58           POP EAX
001B001C: C2 1C00      RET 001C
001B001F: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:38:09 PM

The code of CreateFileW at 7C810800 (0) got patched. Here is the diff:
Address   New-Original
7C810800: E9 - 8B 
7C810801: 0C - FF 
7C810802: F8 - 55 
7C810803: 99 - 8B 
7C810804: 83 - EC 
--> JMP DWORD PTR DS:[001B0011]
Disassembly old code:
7C810800: 8BFF         MOV EDI, EDI
7C810802: 55           PUSH EBP
7C810803: 8BEC         MOV EBP, ESP

Disassembly new code:
7C810800: E9 0CF89983  JMP 001B0011
Disassembly of hooker:
001B0011: 68 25B8E9C4  PUSH C4E9B825
001B0016: E8 A3DF757C  CALL 7C90DFBE
001B001B: 58           POP EAX
001B001C: C2 1C00      RET 001C
001B001F: C3           RET ; Pop IP
001B0020: 05 008BFF55  ADD EAX, 55FF8B00
001B0025: 8BEC         MOV EBP, ESP
001B0027: E9 D907667C  JMP 7C810805
001B002C: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeA at 7C860CDC (0) got patched. Here is the diff:
Address   New-Original
7C860CDC: E9 - 8B 
7C860CDD: 4B - FF 
7C860CDE: F3 - 55 
7C860CDF: 94 - 8B 
7C860CE0: 83 - EC 
--> JMP DWORD PTR DS:[001B002C]
Disassembly old code:
7C860CDC: 8BFF         MOV EDI, EDI
7C860CDE: 55           PUSH EBP
7C860CDF: 8BEC         MOV EBP, ESP

Disassembly new code:
7C860CDC: E9 4BF39483  JMP 001B002C
Disassembly of hooker:
001B002C: 68 25B8E9C4  PUSH C4E9B825
001B0031: E8 88DF757C  CALL 7C90DFBE
001B0036: 58           POP EAX
001B0037: C2 2000      RET 0020
001B003A: C3           RET ; Pop IP
001B003B: 06           PUSH ES ; Push ES register to the stack
001B003C: 006825       ADD BYTE PTR DS:[EAX+25H],CH
001B003F: B8 E9C4E877  MOV EAX, 77E8C4E9
001B0044: DF757C       FBSTP TBYTE PTR SS:[EBP+7CH]
001B0047: 58           POP EAX
001B0048: C2 2000      RET 0020
001B004B: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateNamedPipeW at 7C82F0DD (0) got patched. Here is the diff:
Address   New-Original
7C82F0DD: E9 - 8B 
7C82F0DE: 5B - FF 
7C82F0DF: 0F - 55 
7C82F0E0: 98 - 8B 
7C82F0E1: 83 - EC 
--> JMP DWORD PTR DS:[001B003D]
Disassembly old code:
7C82F0DD: 8BFF         MOV EDI, EDI
7C82F0DF: 55           PUSH EBP
7C82F0E0: 8BEC         MOV EBP, ESP

Disassembly new code:
7C82F0DD: E9 5B0F9883  JMP 001B003D
Disassembly of hooker:
001B003D: 68 25B8E9C4  PUSH C4E9B825
001B0042: E8 77DF757C  CALL 7C90DFBE
001B0047: 58           POP EAX
001B0048: C2 2000      RET 0020
001B004B: C3           RET ; Pop IP
001B004C: 07           POP ES ; Pop top stack to ES
001B004D: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
001B0053: E9 281D657C  JMP 7C801D80
001B0058: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreatePipe at 7C81D83F (0) got patched. Here is the diff:
Address   New-Original
7C81D83F: E9 - 8B 
7C81D840: 41 - FF 
7C81D841: 37 - 55 
7C81D842: 99 - 8B 
7C81D843: 83 - EC 
--> JMP DWORD PTR DS:[001B0F85]
Disassembly old code:
7C81D83F: 8BFF         MOV EDI, EDI
7C81D841: 55           PUSH EBP
7C81D842: 8BEC         MOV EBP, ESP

Disassembly new code:
7C81D83F: E9 41379983  JMP 001B0F85
Disassembly of hooker:
001B0F85: 68 25B8E9C4  PUSH C4E9B825
001B0F8A: E8 2FD0757C  CALL 7C90DFBE
001B0F8F: 58           POP EAX
001B0F90: C2 1000      RET 0010
001B0F93: C3           RET ; Pop IP
001B0F94: 0E           PUSH CS ; Push CS register to the stack
001B0F95: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
001B0F9B: E9 C60A657C  JMP 7C801A66
001B0FA0: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address   New-Original
7C80236B: E9 - 8B 
7C80236C: FA - FF 
7C80236D: EB - 55 
7C80236E: 9A - 8B 
7C80236F: 83 - EC 
--> JMP DWORD PTR DS:[001B0F6A]
Disassembly old code:
7C80236B: 8BFF         MOV EDI, EDI
7C80236D: 55           PUSH EBP
7C80236E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80236B: E9 FAEB9A83  JMP 001B0F6A
Disassembly of hooker:
001B0F6A: 68 25B8E9C4  PUSH C4E9B825
001B0F6F: E8 4AD0757C  CALL 7C90DFBE
001B0F74: 58           POP EAX
001B0F75: C2 2800      RET 0028
001B0F78: C3           RET ; Pop IP
001B0F79: 1200         ADC AL,BYTE PTR DS:[EAX]
001B0F7B: 8BFF         MOV EDI, EDI
001B0F7D: 55           PUSH EBP
001B0F7E: 8BEC         MOV EBP, ESP
001B0F80: E9 8D156B7C  JMP 7C862512
001B0F85: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address   New-Original
7C802336: E9 - 8B 
7C802337: C8 - FF 
7C802338: DD - 55 
7C802339: 9A - 8B 
7C80233A: 83 - EC 
--> JMP DWORD PTR DS:[001B0103]
Disassembly old code:
7C802336: 8BFF         MOV EDI, EDI
7C802338: 55           PUSH EBP
7C802339: 8BEC         MOV EBP, ESP

Disassembly new code:
7C802336: E9 C8DD9A83  JMP 001B0103
Disassembly of hooker:
001B0103: 68 25B8E9C4  PUSH C4E9B825
001B0108: E8 B1DE757C  CALL 7C90DFBE
001B010D: 58           POP EAX
001B010E: C2 2800      RET 0028
001B0111: C3           RET ; Pop IP
001B0112: 1300         ADC EAX,DWORD PTR DS:[EAX]
001B0114: 8BFF         MOV EDI, EDI
001B0116: 55           PUSH EBP
001B0117: 8BEC         MOV EBP, ESP
001B0119: E9 1D22657C  JMP 7C80233B
001B011E: 0000         ADD BYTE PTR DS:[EAX],AL
001B0120: 0000         ADD BYTE PTR DS:[EAX],AL
001B0122: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetProcAddress at 7C80AE40 (0) got patched. Here is the diff:
Address   New-Original
7C80AE40: E9 - 8B 
7C80AE41: 0A - FF 
7C80AE42: 61 - 55 
7C80AE43: 9A - 8B 
7C80AE44: 83 - EC 
--> JMP DWORD PTR DS:[001B0F4F]
Disassembly old code:
7C80AE40: 8BFF         MOV EDI, EDI
7C80AE42: 55           PUSH EBP
7C80AE43: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AE40: E9 0A619A83  JMP 001B0F4F
Disassembly of hooker:
001B0F4F: 68 25B8E9C4  PUSH C4E9B825
001B0F54: E8 65D0757C  CALL 7C90DFBE
001B0F59: 58           POP EAX
001B0F5A: C2 0800      RET 0008
001B0F5D: C3           RET ; Pop IP
001B0F5E: 1400         ADC AL, 00
001B0F60: 8BFF         MOV EDI, EDI
001B0F62: 55           PUSH EBP
001B0F63: 8BEC         MOV EBP, ESP
001B0F65: E9 DB9E657C  JMP 7C80AE45
001B0F6A: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoA at 7C801EF2 (0) got patched. Here is the diff:
Address   New-Original
7C801EF2: E9 - 6A 
7C801EF3: B9 - 18 
7C801EF4: E1 - 68 
--> JMP DWORD PTR DS:[001B00B0]
Disassembly old code:
7C801EF2: 6A18         PUSH 18

Disassembly new code:
7C801EF2: E9 B9E19A83  JMP 001B00B0
Disassembly of hooker:
001B00B0: 68 25B8E9C4  PUSH C4E9B825
001B00B5: E8 04DF757C  CALL 7C90DFBE
001B00BA: 58           POP EAX
001B00BB: C2 0400      RET 0004
001B00BE: C3           RET ; Pop IP
001B00BF: 0F006A18     VERW WORD PTR DS:[EDX+18]
001B00C3: 68 C82F817C  PUSH 7C812FC8
001B00C8: E9 2C1E657C  JMP 7C801EF9
001B00CD: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of GetStartupInfoW at 7C801E54 (0) got patched. Here is the diff:
Address   New-Original
7C801E54: E9 - 8B 
7C801E55: 74 - FF 
7C801E56: E2 - 55 
7C801E57: 9A - 8B 
7C801E58: 83 - EC 
--> JMP DWORD PTR DS:[001B00CD]
Disassembly old code:
7C801E54: 8BFF         MOV EDI, EDI
7C801E56: 55           PUSH EBP
7C801E57: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801E54: E9 74E29A83  JMP 001B00CD
Disassembly of hooker:
001B00CD: 68 25B8E9C4  PUSH C4E9B825
001B00D2: E8 E7DE757C  CALL 7C90DFBE
001B00D7: 58           POP EAX
001B00D8: C2 0400      RET 0004
001B00DB: C3           RET ; Pop IP
001B00DC: 1000         ADC BYTE PTR DS:[EAX],AL
001B00DE: 8BFF         MOV EDI, EDI
001B00E0: 55           PUSH EBP
001B00E1: 8BEC         MOV EBP, ESP
001B00E3: E9 711D657C  JMP 7C801E59
001B00E8: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryA at 7C801D7B (0) got patched. Here is the diff:
Address   New-Original
7C801D7B: E9 - 8B 
7C801D7C: 51 - FF 
7C801D7D: F2 - 55 
7C801D7E: 9A - 8B 
7C801D7F: 83 - EC 
--> JMP DWORD PTR DS:[001B0FD1]
Disassembly old code:
7C801D7B: 8BFF         MOV EDI, EDI
7C801D7D: 55           PUSH EBP
7C801D7E: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D7B: E9 51F29A83  JMP 001B0FD1
Disassembly of hooker:
001B0FD1: 68 25B8E9C4  PUSH C4E9B825
001B0FD6: E8 E3CF757C  CALL 7C90DFBE
001B0FDB: 58           POP EAX
001B0FDC: C2 0400      RET 0004
001B0FDF: C3           RET ; Pop IP
001B0FE0: 0800         OR BYTE PTR DS:[EAX],AL
001B0FE2: 8BFF         MOV EDI, EDI
001B0FE4: 55           PUSH EBP
001B0FE5: 8BEC         MOV EBP, ESP
001B0FE7: E9 F6E0677C  JMP 7C82F0E2
001B0FEC: 8BFF         MOV EDI, EDI
001B0FEE: 55           PUSH EBP
001B0FEF: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryExA at 7C801D53 (0) got patched. Here is the diff:
Address   New-Original
7C801D53: E9 - 8B 
7C801D54: 1B - FF 
7C801D55: E3 - 55 
7C801D56: 9A - 8B 
7C801D57: 83 - EC 
--> JMP DWORD PTR DS:[001B0073]
Disassembly old code:
7C801D53: 8BFF         MOV EDI, EDI
7C801D55: 55           PUSH EBP
7C801D56: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801D53: E9 1BE39A83  JMP 001B0073
Disassembly of hooker:
001B0073: 68 25B8E9C4  PUSH C4E9B825
001B0078: E8 41DF757C  CALL 7C90DFBE
001B007D: 58           POP EAX
001B007E: C2 0C00      RET 000C
001B0081: C3           RET ; Pop IP
001B0082: 0A00         OR AL,BYTE PTR DS:[EAX]
001B0084: 68 25B8E9C4  PUSH C4E9B825
001B0089: E8 30DF757C  CALL 7C90DFBE
001B008E: 58           POP EAX
001B008F: C2 0C00      RET 000C
001B0092: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryExW at 7C801AF5 (0) got patched. Here is the diff:
Address   New-Original
7C801AF5: E9 - 6A 
7C801AF6: 8A - 34 
7C801AF7: E5 - 68 
--> JMP DWORD PTR DS:[001B0084]
Disassembly old code:
7C801AF5: 6A34         PUSH 34

Disassembly new code:
7C801AF5: E9 8AE59A83  JMP 001B0084
Disassembly of hooker:
001B0084: 68 25B8E9C4  PUSH C4E9B825
001B0089: E8 30DF757C  CALL 7C90DFBE
001B008E: 58           POP EAX
001B008F: C2 0C00      RET 000C
001B0092: C3           RET ; Pop IP
001B0093: 0B00         OR EAX,DWORD PTR DS:[EAX]
001B0095: 68 25B8E9C4  PUSH C4E9B825
001B009A: E8 1FDF757C  CALL 7C90DFBE
001B009F: 58           POP EAX
001B00A0: C2 1400      RET 0014
001B00A3: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadLibraryW at 7C80AEEB (0) got patched. Here is the diff:
Address   New-Original
7C80AEEB: E9 - 8B 
7C80AEEC: 68 - FF 
7C80AEED: 51 - 55 
7C80AEEE: 9A - 8B 
7C80AEEF: 83 - EC 
--> JMP DWORD PTR DS:[001B0058]
Disassembly old code:
7C80AEEB: 8BFF         MOV EDI, EDI
7C80AEED: 55           PUSH EBP
7C80AEEE: 8BEC         MOV EBP, ESP

Disassembly new code:
7C80AEEB: E9 68519A83  JMP 001B0058
Disassembly of hooker:
001B0058: 68 25B8E9C4  PUSH C4E9B825
001B005D: E8 5CDF757C  CALL 7C90DFBE
001B0062: 58           POP EAX
001B0063: C2 0400      RET 0004
001B0066: C3           RET ; Pop IP
001B0067: 0900         OR DWORD PTR DS:[EAX],EAX
001B0069: 8BFF         MOV EDI, EDI
001B006B: 55           PUSH EBP
001B006C: 8BEC         MOV EBP, ESP
001B006E: E9 7DAE657C  JMP 7C80AEF0
001B0073: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtect at 7C801AD4 (0) got patched. Here is the diff:
Address   New-Original
7C801AD4: E9 - 8B 
7C801AD5: C7 - FF 
7C801AD6: F4 - 55 
7C801AD7: 9A - 8B 
7C801AD8: 83 - EC 
--> JMP DWORD PTR DS:[001B0FA0]
Disassembly old code:
7C801AD4: 8BFF         MOV EDI, EDI
7C801AD6: 55           PUSH EBP
7C801AD7: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801AD4: E9 C7F49A83  JMP 001B0FA0
Disassembly of hooker:
001B0FA0: 68 25B8E9C4  PUSH C4E9B825
001B0FA5: E8 14D0757C  CALL 7C90DFBE
001B0FAA: 58           POP EAX
001B0FAB: C2 1000      RET 0010
001B0FAE: C3           RET ; Pop IP
001B0FAF: 0C00         OR AL, 00
001B0FB1: 8BFF         MOV EDI, EDI
001B0FB3: 55           PUSH EBP
001B0FB4: 8BEC         MOV EBP, ESP
001B0FB6: E9 1E0B657C  JMP 7C801AD9
001B0FBB: 6A34         PUSH 34
001B0FBD: 68 F8E0807C  PUSH 7C80E0F8
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of VirtualProtectEx at 7C801A61 (0) got patched. Here is the diff:
Address   New-Original
7C801A61: E9 - 8B 
7C801A62: 2F - FF 
7C801A63: E6 - 55 
7C801A64: 9A - 8B 
7C801A65: 83 - EC 
--> JMP DWORD PTR DS:[001B0095]
Disassembly old code:
7C801A61: 8BFF         MOV EDI, EDI
7C801A63: 55           PUSH EBP
7C801A64: 8BEC         MOV EBP, ESP

Disassembly new code:
7C801A61: E9 2FE69A83  JMP 001B0095
Disassembly of hooker:
001B0095: 68 25B8E9C4  PUSH C4E9B825
001B009A: E8 1FDF757C  CALL 7C90DFBE
001B009F: 58           POP EAX
001B00A0: C2 1400      RET 0014
001B00A3: C3           RET ; Pop IP
001B00A4: 0D 008BFF55  OR EAX, 55FF8B00
001B00A9: 8BEC         MOV EBP, ESP
001B00AB: E9 94D7667C  JMP 7C81D844
001B00B0: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of WinExec at 7C86250D (0) got patched. Here is the diff:
Address   New-Original
7C86250D: E9 - 8B 
7C86250E: D6 - FF 
7C86250F: DB - 55 
7C862510: 94 - 8B 
7C862511: 83 - EC 
--> JMP DWORD PTR DS:[001B00E8]
Disassembly old code:
7C86250D: 8BFF         MOV EDI, EDI
7C86250F: 55           PUSH EBP
7C862510: 8BEC         MOV EBP, ESP

Disassembly new code:
7C86250D: E9 D6DB9483  JMP 001B00E8
Disassembly of hooker:
001B00E8: 68 25B8E9C4  PUSH C4E9B825
001B00ED: E8 CCDE757C  CALL 7C90DFBE
001B00F2: 58           POP EAX
001B00F3: C2 0800      RET 0008
001B00F6: C3           RET ; Pop IP
001B00F7: 1100         ADC DWORD PTR DS:[EAX],EAX
001B00F9: 8BFF         MOV EDI, EDI
001B00FB: 55           PUSH EBP
001B00FC: 8BEC         MOV EBP, ESP
001B00FE: E9 6D22657C  JMP 7C802370
001B0103: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll        (77DD0000 - 77E6B000)
The code of RegCreateKeyA at 77DFBCF3 (0) got patched. Here is the diff:
Address   New-Original
77DFBCF3: E9 - 8B 
77DFBCF4: 48 - FF 
77DFBCF5: 43 - 55 
77DFBCF6: 4A - 8B 
77DFBCF7: 88 - EC 
--> JMP DWORD PTR DS:[002A0040]
Disassembly old code:
77DFBCF3: 8BFF         MOV EDI, EDI
77DFBCF5: 55           PUSH EBP
77DFBCF6: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBCF3: E9 48434A88  JMP 002A0040
Disassembly of hooker:
002A0040: 68 25B8E9C4  PUSH C4E9B825
002A0045: E8 74DF667C  CALL 7C90DFBE
002A004A: 58           POP EAX
002A004B: C2 0C00      RET 000C
002A004E: C3           RET ; Pop IP
002A004F: 1900         SBB DWORD PTR DS:[EAX],EAX
002A0051: 8BFF         MOV EDI, EDI
002A0053: 55           PUSH EBP
002A0054: 8BEC         MOV EBP, ESP
002A0056: E9 FFB9B577  JMP 77DFBA5A
002A005B: 8BFF         MOV EDI, EDI
002A005D: 55           PUSH EBP
002A005E: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:38:57 PM

Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExA at 77DDE9F4 (0) got patched. Here is the diff:
Address   New-Original
77DDE9F4: E9 - 8B 
77DDE9F5: AF - FF 
77DDE9F6: 25 - 55 
77DDE9F7: 4C - 8B 
77DDE9F8: 88 - EC 
--> JMP DWORD PTR DS:[002A0FA8]
Disassembly old code:
77DDE9F4: 8BFF         MOV EDI, EDI
77DDE9F6: 55           PUSH EBP
77DDE9F7: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDE9F4: E9 AF254C88  JMP 002A0FA8
Disassembly of hooker:
002A0FA8: 68 25B8E9C4  PUSH C4E9B825
002A0FAD: E8 0CD0667C  CALL 7C90DFBE
002A0FB2: 58           POP EAX
002A0FB3: C2 2400      RET 0024
002A0FB6: C3           RET ; Pop IP
002A0FB7: 1B00         SBB EAX,DWORD PTR DS:[EAX]
002A0FB9: 68 25B8E9C4  PUSH C4E9B825
002A0FBE: E8 FBCF667C  CALL 7C90DFBE
002A0FC3: 58           POP EAX
002A0FC4: C2 0C00      RET 000C
002A0FC7: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyExW at 77DD776C (0) got patched. Here is the diff:
Address   New-Original
77DD776C: E9 - 8B 
77DD776D: FE - FF 
77DD776E: 88 - 55 
77DD776F: 4C - 8B 
77DD7770: 88 - EC 
--> JMP DWORD PTR DS:[002A006F]
Disassembly old code:
77DD776C: 8BFF         MOV EDI, EDI
77DD776E: 55           PUSH EBP
77DD776F: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD776C: E9 FE884C88  JMP 002A006F
Disassembly of hooker:
002A006F: 68 25B8E9C4  PUSH C4E9B825
002A0074: E8 45DF667C  CALL 7C90DFBE
002A0079: 58           POP EAX
002A007A: C2 2400      RET 0024
002A007D: C3           RET ; Pop IP
002A007E: 1C00         SBB AL, 00
002A0080: 0000         ADD BYTE PTR DS:[EAX],AL
002A0082: 0000         ADD BYTE PTR DS:[EAX],AL
002A0084: 0000         ADD BYTE PTR DS:[EAX],AL
002A0086: 0000         ADD BYTE PTR DS:[EAX],AL
002A0088: 0000         ADD BYTE PTR DS:[EAX],AL
002A008A: 0000         ADD BYTE PTR DS:[EAX],AL
002A008C: 0000         ADD BYTE PTR DS:[EAX],AL
002A008E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegCreateKeyW at 77DFBA55 (0) got patched. Here is the diff:
Address   New-Original
77DFBA55: E9 - 8B 
77DFBA56: 5F - FF 
77DFBA58: 4A - 8B 
77DFBA59: 88 - EC 
--> JMP DWORD PTR DS:[002A0FB9]
Disassembly old code:
77DFBA55: 8BFF         MOV EDI, EDI
77DFBA57: 55           PUSH EBP
77DFBA58: 8BEC         MOV EBP, ESP

Disassembly new code:
77DFBA55: E9 5F554A88  JMP 002A0FB9
Disassembly of hooker:
002A0FB9: 68 25B8E9C4  PUSH C4E9B825
002A0FBE: E8 FBCF667C  CALL 7C90DFBE
002A0FC3: 58           POP EAX
002A0FC4: C2 0C00      RET 000C
002A0FC7: C3           RET ; Pop IP
002A0FC8: 1A00         SBB AL,BYTE PTR DS:[EAX]
002A0FCA: 8BFF         MOV EDI, EDI
002A0FCC: 55           PUSH EBP
002A0FCD: 8BEC         MOV EBP, ESP
002A0FCF: E9 24ADB577  JMP 77DFBCF8
002A0FD4: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyA at 77DDEFC8 (0) got patched. Here is the diff:
Address   New-Original
77DDEFC8: E9 - 8B 
77DDEFC9: 22 - FF 
77DDEFCA: 20 - 55 
77DDEFCB: 4C - 8B 
77DDEFCC: 88 - EC 
--> JMP DWORD PTR DS:[002A0FEF]
Disassembly old code:
77DDEFC8: 8BFF         MOV EDI, EDI
77DDEFCA: 55           PUSH EBP
77DDEFCB: 8BEC         MOV EBP, ESP

Disassembly new code:
77DDEFC8: E9 22204C88  JMP 002A0FEF
Disassembly of hooker:
002A0FEF: 68 25B8E9C4  PUSH C4E9B825
002A0FF4: E8 C5CF667C  CALL 7C90DFBE
002A0FF9: 58           POP EAX
002A0FFA: C2 0C00      RET 000C
002A0FFD: C3           RET ; Pop IP
002A0FFE: 15 00000000  ADC EAX, 00000000
002A1003: 0000         ADD BYTE PTR DS:[EAX],AL
002A1005: 0000         ADD BYTE PTR DS:[EAX],AL
002A1007: 0000         ADD BYTE PTR DS:[EAX],AL
002A1009: 0000         ADD BYTE PTR DS:[EAX],AL
002A100B: 0000         ADD BYTE PTR DS:[EAX],AL
002A100D: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExA at 77DD7852 (0) got patched. Here is the diff:
Address   New-Original
77DD7852: E9 - 8B 
77DD7853: C4 - FF 
77DD7854: 87 - 55 
77DD7855: 4C - 8B 
77DD7856: 88 - EC 
--> JMP DWORD PTR DS:[002A001B]
Disassembly old code:
77DD7852: 8BFF         MOV EDI, EDI
77DD7854: 55           PUSH EBP
77DD7855: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7852: E9 C4874C88  JMP 002A001B
Disassembly of hooker:
002A001B: 68 25B8E9C4  PUSH C4E9B825
002A0020: E8 99DF667C  CALL 7C90DFBE
002A0025: 58           POP EAX
002A0026: C2 1400      RET 0014
002A0029: C3           RET ; Pop IP
002A002A: 17           POP SS ; Pop top stack to SS
002A002B: 008B FF558BEC ADD BYTE PTR DS:[EBX+EC8B55FF],CL
002A0031: E9 2178B377  JMP 77DD7857
002A0036: 8BFF         MOV EDI, EDI
002A0038: 55           PUSH EBP
002A0039: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyExW at 77DD6AAF (0) got patched. Here is the diff:
Address   New-Original
77DD6AAF: E9 - 8B 
77DD6AB0: 20 - FF 
77DD6AB1: A5 - 55 
77DD6AB2: 4C - 8B 
77DD6AB3: 88 - EC 
--> JMP DWORD PTR DS:[002A0FD4]
Disassembly old code:
77DD6AAF: 8BFF         MOV EDI, EDI
77DD6AB1: 55           PUSH EBP
77DD6AB2: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD6AAF: E9 20A54C88  JMP 002A0FD4
Disassembly of hooker:
002A0FD4: 68 25B8E9C4  PUSH C4E9B825
002A0FD9: E8 E0CF667C  CALL 7C90DFBE
002A0FDE: 58           POP EAX
002A0FDF: C2 1400      RET 0014
002A0FE2: C3           RET ; Pop IP
002A0FE3: 1800         SBB BYTE PTR DS:[EAX],AL
002A0FE5: 8BFF         MOV EDI, EDI
002A0FE7: 55           PUSH EBP
002A0FE8: 8BEC         MOV EBP, ESP
002A0FEA: E9 DEDFB377  JMP 77DDEFCD
002A0FEF: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of RegOpenKeyW at 77DD7946 (0) got patched. Here is the diff:
Address   New-Original
77DD7946: E9 - 8B 
77DD7947: BF - FF 
77DD7948: 86 - 55 
77DD7949: 4C - 8B 
77DD794A: 88 - EC 
--> JMP DWORD PTR DS:[002A000A]
Disassembly old code:
77DD7946: 8BFF         MOV EDI, EDI
77DD7948: 55           PUSH EBP
77DD7949: 8BEC         MOV EBP, ESP

Disassembly new code:
77DD7946: E9 BF864C88  JMP 002A000A
Disassembly of hooker:
002A000A: 68 25B8E9C4  PUSH C4E9B825
002A000F: E8 AADF667C  CALL 7C90DFBE
002A0014: 58           POP EAX
002A0015: C2 0C00      RET 000C
002A0018: C3           RET ; Pop IP
002A0019: 16           PUSH SS ; Push SS register to the stack
002A001A: 006825       ADD BYTE PTR DS:[EAX+25H],CH
002A001D: B8 E9C4E899  MOV EAX, 99E8C4E9
002A0022: DF667C       FBLD TBYTE PTR DS:[ESI+7CH]
002A0025: 58           POP EAX
002A0026: C2 1400      RET 0014
002A0029: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
BROWSEUI.dll        (75F80000 - 7607D000)
GDI32.dll           (77F10000 - 77F59000)
USER32.dll          (7E410000 - 7E4A1000)
msvcrt.dll          (77C10000 - 77C68000)
The code of _creat at 77C2D40F (0) got patched. Here is the diff:
Address   New-Original
77C2D40F: E9 - 8B 
77C2D410: CF - FF 
77C2D411: 3B - 55 
77C2D412: 68 - 8B 
77C2D413: 88 - EC 
--> JMP DWORD PTR DS:[002B0FE3]
Disassembly old code:
77C2D40F: 8BFF         MOV EDI, EDI
77C2D411: 55           PUSH EBP
77C2D412: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2D40F: E9 CF3B6888  JMP 002B0FE3
Disassembly of hooker:
002B0FE3: 68 25B8E9C4  PUSH C4E9B825
002B0FE8: E8 D1CF657C  CALL 7C90DFBE
002B0FED: 58           POP EAX
002B0FEE: C2 0000      RET 0000
002B0FF1: C3           RET ; Pop IP
002B0FF2: 1F           POP DS ; Pop top stack to DS
002B0FF3: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FF5: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FF7: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FF9: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FFB: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FFD: 0000         ADD BYTE PTR DS:[EAX],AL
002B0FFF: 0000         ADD BYTE PTR DS:[EAX],AL
002B1001: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0:
Base address:   7C900000
Size:      000B2000
Flags:      80084004
Load count:   65535
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5755
Company:   Microsoft Corporation
File Version:   5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
Description:   NT Layer DLL
Location:   C:\WINDOWS\system32\ntdll.dll
Signed:      > NO! <
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of _open at 77C2F566 (0) got patched. Here is the diff:
Address   New-Original
77C2F566: E9 - 6A 
77C2F567: A1 - 14 
77C2F568: 0A - 68 
--> JMP DWORD PTR DS:[002B000C]
Disassembly old code:
77C2F566: 6A14         PUSH 14

Disassembly new code:
77C2F566: E9 A10A6888  JMP 002B000C
Disassembly of hooker:
002B000C: 68 25B8E9C4  PUSH C4E9B825
002B0011: E8 A8DF657C  CALL 7C90DFBE
002B0016: 58           POP EAX
002B0017: C2 0000      RET 0000
002B001A: C3           RET ; Pop IP
002B001B: 1D 006825B8  SBB EAX, B8256800
002B0020: E9 C4E897DF  JMP DFC2E8E9
002B0025: 65:7C58      JL 002B0080
002B0028: C2 0000      RET 0000
002B002B: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of _wcreat at 77C2FC9B (0) got patched. Here is the diff:
Address   New-Original
77C2FC9B: E9 - 8B 
77C2FC9C: 1E - FF 
77C2FC9D: 13 - 55 
77C2FC9E: 68 - 8B 
77C2FC9F: 88 - EC 
--> JMP DWORD PTR DS:[002B0FBE]
Disassembly old code:
77C2FC9B: 8BFF         MOV EDI, EDI
77C2FC9D: 55           PUSH EBP
77C2FC9E: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2FC9B: E9 1E136888  JMP 002B0FBE
Disassembly of hooker:
002B0FBE: 68 25B8E9C4  PUSH C4E9B825
002B0FC3: E8 F6CF657C  CALL 7C90DFBE
002B0FC8: 58           POP EAX
002B0FC9: C2 0000      RET 0000
002B0FCC: C3           RET ; Pop IP
002B0FCD: 2000         AND BYTE PTR DS:[EAX],AL
002B0FCF: 8BFF         MOV EDI, EDI
002B0FD1: 55           PUSH EBP
002B0FD2: 8BEC         MOV EBP, ESP
002B0FD4: E9 C7EC9777  JMP 77C2FCA0
002B0FD9: 8BFF         MOV EDI, EDI
002B0FDB: 55           PUSH EBP
002B0FDC: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of _wopen at 77C30055 (0) got patched. Here is the diff:
Address   New-Original
77C30055: E9 - 6A 
77C30056: C3 - 14 
77C30057: FF - 68 
--> JMP DWORD PTR DS:[002B001D]
Disassembly old code:
77C30055: 6A14         PUSH 14

Disassembly new code:
77C30055: E9 C3FF6788  JMP 002B001D
Disassembly of hooker:
002B001D: 68 25B8E9C4  PUSH C4E9B825
002B0022: E8 97DF657C  CALL 7C90DFBE
002B0027: 58           POP EAX
002B0028: C2 0000      RET 0000
002B002B: C3           RET ; Pop IP
002B002C: 1E           PUSH DS ; Push DS register to the stack
002B002D: 006825       ADD BYTE PTR DS:[EAX+25H],CH
002B0030: B8 E9C4E886  MOV EAX, 86E8C4E9
002B0035: DF657C       FBLD TBYTE PTR SS:[EBP+7CH]
002B0038: 58           POP EAX
002B0039: C2 0000      RET 0000
002B003C: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of _wsystem at 77C2931E (0) got patched. Here is the diff:
Address   New-Original
77C2931E: E9 - 8B 
77C2931F: 0B - FF 
77C29320: 6D - 55 
77C29321: 68 - 8B 
77C29322: 88 - EC 
--> JMP DWORD PTR DS:[002B002E]
Disassembly old code:
77C2931E: 8BFF         MOV EDI, EDI
77C29320: 55           PUSH EBP
77C29321: 8BEC         MOV EBP, ESP

Disassembly new code:
77C2931E: E9 0B6D6888  JMP 002B002E
Disassembly of hooker:
002B002E: 68 25B8E9C4  PUSH C4E9B825
002B0033: E8 86DF657C  CALL 7C90DFBE
002B0038: 58           POP EAX
002B0039: C2 0000      RET 0000
002B003C: C3           RET ; Pop IP
002B003D: 2200         AND AL,BYTE PTR DS:[EAX]
002B003F: 8BFF         MOV EDI, EDI
002B0041: 55           PUSH EBP
002B0042: 8BEC         MOV EBP, ESP
002B0044: E9 DA929777  JMP 77C29323
002B0049: 0000         ADD BYTE PTR DS:[EAX],AL
002B004B: 0000         ADD BYTE PTR DS:[EAX],AL
002B004D: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of system at 77C293C7 (0) got patched. Here is the diff:
Address   New-Original
77C293C7: E9 - 8B 
77C293C8: E1 - FF 
77C293C9: 7B - 55 
77C293CA: 68 - 8B 
77C293CB: 88 - EC 
--> JMP DWORD PTR DS:[002B0FAD]
Disassembly old code:
77C293C7: 8BFF         MOV EDI, EDI
77C293C9: 55           PUSH EBP
77C293CA: 8BEC         MOV EBP, ESP

Disassembly new code:
77C293C7: E9 E17B6888  JMP 002B0FAD
Disassembly of hooker:
002B0FAD: 68 25B8E9C4  PUSH C4E9B825
002B0FB2: E8 07D0657C  CALL 7C90DFBE
002B0FB7: 58           POP EAX
002B0FB8: C2 0000      RET 0000
002B0FBB: C3           RET ; Pop IP
002B0FBC: 2100         AND DWORD PTR DS:[EAX],EAX
002B0FBE: 68 25B8E9C4  PUSH C4E9B825
002B0FC3: E8 F6CF657C  CALL 7C90DFBE
002B0FC8: 58           POP EAX
002B0FC9: C2 0000      RET 0000
002B0FCC: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

WININET.dll         (3D930000 - 3DA01000)
The code of InternetOpenA at 3D953081 (0) got patched. Here is the diff:
Address   New-Original
3D953081: E9 - 8B 
3D953082: 84 - FF 
3D953083: CF - 55 
3D953084: 97 - 8B 
3D953085: C2 - EC 
--> JMP DWORD PTR DS:[002D000A]
Disassembly old code:
3D953081: 8BFF         MOV EDI, EDI
3D953083: 55           PUSH EBP
3D953084: 8BEC         MOV EBP, ESP

Disassembly new code:
3D953081: E9 84CF97C2  JMP 002D000A
Disassembly of hooker:
002D000A: 68 25B8E9C4  PUSH C4E9B825
002D000F: E8 AADF637C  CALL 7C90DFBE
002D0014: 58           POP EAX
002D0015: C2 1400      RET 0014
002D0018: C3           RET ; Pop IP
002D0019: 2300         AND EAX,DWORD PTR DS:[EAX]
002D001B: 8BFF         MOV EDI, EDI
002D001D: 55           PUSH EBP
002D001E: 8BEC         MOV EBP, ESP
002D0020: E9 3A6F683D  JMP 3D956F5F
002D0025: 8BFF         MOV EDI, EDI
002D0027: 55           PUSH EBP
002D0028: 8BEC         MOV EBP, ESP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of InternetOpenUrlA at 3D956F5A (0) got patched. Here is the diff:
Address   New-Original
3D956F5A: E9 - 8B 
3D956F5B: 75 - FF 
3D956F5C: A0 - 55 
3D956F5D: 97 - 8B 
3D956F5E: C2 - EC 
--> JMP DWORD PTR DS:[002D0FD4]
Disassembly old code:
3D956F5A: 8BFF         MOV EDI, EDI
3D956F5C: 55           PUSH EBP
3D956F5D: 8BEC         MOV EBP, ESP

Disassembly new code:
3D956F5A: E9 75A097C2  JMP 002D0FD4
Disassembly of hooker:
002D0FD4: 68 25B8E9C4  PUSH C4E9B825
002D0FD9: E8 E0CF637C  CALL 7C90DFBE
002D0FDE: 58           POP EAX
002D0FDF: C2 1800      RET 0018
002D0FE2: C3           RET ; Pop IP
002D0FE3: 25 008BFF55  AND EAX, 55FF8B00
002D0FE8: 8BEC         MOV EBP, ESP
002D0FEA: E9 C726683D  JMP 3D9536B6
002D0FEF: 68 25B8E9C4  PUSH C4E9B825
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of InternetOpenUrlW at 3D998439 (0) got patched. Here is the diff:
Address   New-Original
3D998439: E9 - 8B 
3D99843A: 85 - FF 
3D99843B: 8B - 55 
3D99843C: 93 - 8B 
3D99843D: C2 - EC 
--> JMP DWORD PTR DS:[002D0FC3]
Disassembly old code:
3D998439: 8BFF         MOV EDI, EDI
3D99843B: 55           PUSH EBP
3D99843C: 8BEC         MOV EBP, ESP

Disassembly new code:
3D998439: E9 858B93C2  JMP 002D0FC3
Disassembly of hooker:
002D0FC3: 68 25B8E9C4  PUSH C4E9B825
002D0FC8: E8 F1CF637C  CALL 7C90DFBE
002D0FCD: 58           POP EAX
002D0FCE: C2 1800      RET 0018
002D0FD1: C3           RET ; Pop IP
002D0FD2: 26:006825    ADD BYTE PTR ES:[EAX+25H],CH
002D0FD6: B8 E9C4E8E0  MOV EAX, E0E8C4E9
002D0FDB: CF           IRETD
002D0FDC: 637C58C2     ARPL DWORD PTR DS:[EBX*2+EAX-3EH],EDI
002D0FE0: 1800         SBB BYTE PTR DS:[EAX],AL
002D0FE2: C3           RET ; Pop IP
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

The code of InternetOpenW at 3D9536B1 (0) got patched. Here is the diff:
Address   New-Original
3D9536B1: E9 - 8B 
3D9536B2: 39 - FF 
3D9536B3: D9 - 55 
3D9536B4: 97 - 8B 
3D9536B5: C2 - EC 
--> JMP DWORD PTR DS:[002D0FEF]
Disassembly old code:
3D9536B1: 8BFF         MOV EDI, EDI
3D9536B3: 55           PUSH EBP
3D9536B4: 8BEC         MOV EBP, ESP

Disassembly new code:
3D9536B1: E9 39D997C2  JMP 002D0FEF
Disassembly of hooker:
002D0FEF: 68 25B8E9C4  PUSH C4E9B825
002D0FF4: E8 C5CF637C  CALL 7C90DFBE
002D0FF9: 58           POP EAX
002D0FFA: C2 1400      RET 0014
002D0FFD: C3           RET ; Pop IP
002D0FFE: 2400         AND AL, 00
002D1000: 0000         ADD BYTE PTR DS:[EAX],AL
002D1002: 0000         ADD BYTE PTR DS:[EAX],AL
002D1004: 0000         ADD BYTE PTR DS:[EAX],AL
002D1006: 0000         ADD BYTE PTR DS:[EAX],AL
002D1008: 0000         ADD BYTE PTR DS:[EAX],AL
002D100A: 0000         ADD BYTE PTR DS:[EAX],AL
002D100C: 0000         ADD BYTE PTR DS:[EAX],AL
002D100E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

WS2_32.dll          (71AB0000 - 71AC7000)
The code of socket at 71AB4211 (0) got patched. Here is the diff:
Address   New-Original
71AB4211: E9 - 8B 
71AB4212: EA - FF 
71AB4213: BD - 55 
71AB4214: 87 - 8B 
71AB4215: 8F - EC 
--> JMP DWORD PTR DS:[01330000]
Disassembly old code:
71AB4211: 8BFF         MOV EDI, EDI
71AB4213: 55           PUSH EBP
71AB4214: 8BEC         MOV EBP, ESP

Disassembly new code:
71AB4211: E9 EABD878F  JMP 01330000
Disassembly of hooker:
01330000: 68 25B8E9C4  PUSH C4E9B825
01330005: E8 B4DF5D7B  CALL 7C90DFBE
0133000A: 58           POP EAX
0133000B: C2 0C00      RET 000C
0133000E: C3           RET ; Pop IP
0133000F: 27           DAA
01330010: 0000         ADD BYTE PTR DS:[EAX],AL
01330012: 0000         ADD BYTE PTR DS:[EAX],AL
01330014: 0000         ADD BYTE PTR DS:[EAX],AL
01330016: 0000         ADD BYTE PTR DS:[EAX],AL
01330018: 0000         ADD BYTE PTR DS:[EAX],AL
0133001A: 0000         ADD BYTE PTR DS:[EAX],AL
0133001C: 0000         ADD BYTE PTR DS:[EAX],AL
0133001E: 0000         ADD BYTE PTR DS:[EAX],AL
Patched by C:\WINDOWS\system32\ntdll.dll!NtYieldExecution+0x0

PID 916   - C:\WINDOWS\CTHELPER.EXE
-------------------------------------------------------------------------------

PID 944   - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:39:35 PM

-------------------------------------------------------------------------------

PID 956   - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
-------------------------------------------------------------------------------

PID 964   - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
-------------------------------------------------------------------------------

PID 976   - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
-------------------------------------------------------------------------------

PID 992   - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
-------------------------------------------------------------------------------

PID 1020  - C:\WINDOWS\system32\dla\tfswctrl.exe
-------------------------------------------------------------------------------

PID 1040  - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
-------------------------------------------------------------------------------

PID 1048  - C:\Program Files\Dell\Media Experience\DMXLauncher.exe
-------------------------------------------------------------------------------

PID 1500  - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
-------------------------------------------------------------------------------

PID 904   - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
-------------------------------------------------------------------------------

PID 1836  - C:\Program Files\Common Files\AOL\1144616972\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
-------------------------------------------------------------------------------

PID 2044  - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
-------------------------------------------------------------------------------

PID 404   - C:\Program Files\Bellsouth\HelpCenter\bin\sprtcmd.exe
-------------------------------------------------------------------------------
ntdll.dll           (7C900000 - 7C9B2000)
kernel32.dll        (7C800000 - 7C8F6000)
USER32.dll          (7E410000 - 7E4A1000)
GDI32.dll           (77F10000 - 77F59000)
ADVAPI32.dll        (77DD0000 - 77E6B000)
RPCRT4.dll          (77E70000 - 77F02000)
Secur32.dll         (77FE0000 - 77FF1000)
VERSION.dll         (77C00000 - 77C08000)
IMM32.DLL           (76390000 - 763AD000)
msctfime.ime        (755C0000 - 755EE000)
msvcrt.dll          (77C10000 - 77C68000)
ole32.dll           (774E0000 - 7761D000)

PID 420   - C:\Program Files\Dell Support Center\bin\sprtcmd.exe
-------------------------------------------------------------------------------
mscoree.dll         (79000000 - 79046000)
Cannot read memory @00007CB0: 8000000D
  SupportSoft.A_CorDllMain              --[HOOKED]--  @00007CB0
Cannot read memory @00003D50: 8000000D
  SupportSoft.A_CorDllMain              --[HOOKED]--  @00003D50
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 08, 2010, 09:41:22 PM
---- Check ended at 8.8.2010 21:22:52 ----
 
They're getting longer...scary...
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 09, 2010, 11:23:27 PM
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)

Click on the Accept button and install any components it needs.
Note: If the scan freezes for more than 30 minutes, stop the scan, and report back to me.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 10, 2010, 11:44:49 AM
I can't run the scanner on the infected machine, I'm still having all of the original problems, including the lack of internet connection.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 10, 2010, 12:21:26 PM
Would you be up to do a data-safe system repair, or do you not have a disc to do that?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 10, 2010, 12:30:13 PM
I don't think we have the disk for it, but I could be wrong. Although I'm not sure I know what that is.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 10, 2010, 11:50:09 PM
Download Preformat.zip by Noviciate from here (http://images.malwareremoval.com/Noviciate/Preformat.zip) and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...

In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

You should now see a folder with a .vbs file in it. Double click Preformat.vbs to run it and a text file called Preformat.txt should be created in the same folder - either that or you'll get an error message.

Please copy and paste the contents of the text file into your next reply and
then you can delete both of the folders and their contents.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 11, 2010, 11:11:47 AM
I can't get the program to run, I got it onto the machine with no problems but double clicking or clicking and hitting enter don't start the program, nor does right click > open.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 11, 2010, 01:43:09 PM
I'm very suspicious of something.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe)
Link 2 (http://ad13.geekstogo.com/MBRCheck.exe)
Link 3 (http://www.kernelmode.info/MBRCheck.exe)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 11, 2010, 02:54:01 PM
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows XP Professional
Windows Information:      Service Pack 3 (build 2600)
Logical Drives Mask:      0x000001fd

Kernel Drivers (total 155):

Processes (total 45):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00  (NTFS)

PhysicalDrive0 Model Number: NVIDIAMIRROR   149.01G, Rev:

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   RE: Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 13, 2010, 01:10:02 AM
Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) (http://www.dewassoc.com/kbase/hard_drives/master_boot_record.htm) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console (http://www.bleepingcomputer.com/tutorials/tutorial117.html#what) before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.
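The MBR layout described in the post above (boot code plus partition table), as an added example that is not part of the original thread and is not MBRCheck's own code: it parses one 512-byte sector, hashes the boot code area, and flags differences from a recorded known-good hash. Assumptions: hashing bytes 0-439 is this example's choice and may not be the range MBRCheck hashes; the sample sector is constructed, with the NTFS partition start set to match the C: offset 0x02738a00 shown in the log and all other values made up.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bytes 0-439: boot code
TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511
ENTRY = "<B3xB3xII"      # status, CHS (skipped), type, CHS (skipped), LBA start, sector count
TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0xDE: "Dell utility"}

def parse_mbr(sector):
    """Split one 512-byte sector into boot-code hash, signature check and partitions."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, TABLE_OFF + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"active": status == 0x80, "type": TYPES.get(ptype, hex(ptype)),
                          "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == BOOT_SIG,
            "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def audit_mbr(sector, baseline_sha1):
    """Return (parsed info, list of findings) against a recorded known-good hash."""
    info, findings = parse_mbr(sector), []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] != baseline_sha1.lower():
        findings.append("boot code differs from baseline")
    active = sum(p["active"] for p in info["partitions"])
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    return info, findings

def build_sample_mbr(boot_code):
    """Constructed sector: utility partition, then NTFS at LBA 80325 (0x02738a00 / 512)."""
    table = (struct.pack(ENTRY, 0x00, 0xDE, 63, 80262)
             + struct.pack(ENTRY, 0x80, 0x07, 80325, 312_000_000) + bytes(32))
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6) + table + BOOT_SIG

GOOD = build_sample_mbr(b"constructed boot code, not real XP code")
BASELINE = parse_mbr(GOOD)["boot_code_sha1"]
TAMPERED = b"\xe9" + GOOD[1:]   # one changed byte in the boot code area

if __name__ == "__main__":
    for name, sector in (("good", GOOD), ("tampered", TAMPERED)):
        print(name, audit_mbr(sector, BASELINE)[1])
```

Run against the first 512 bytes of a disk image taken offline, the same functions show whether the boot code still matches the hash recorded when the machine was known to be clean.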
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 16, 2010, 10:17:37 AM
The MBRcheck method doesn't allow the input, it just runs through really fast and says "Done! Press Enter to exit...".

I can't seem to find our windows disk anymore either.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 16, 2010, 02:40:48 PM
Allow us to try this...

Download Bootkit Remover (http://www.esagelab.com/files/bootkit_remover.rar) to your Desktop.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 18, 2010, 12:49:25 PM
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: SPTI_Read() fails for \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd

     Size  Device Name          MBR Status
 --------------------------------------------
   149 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)


Press any key to quit...
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 19, 2010, 12:27:06 PM
Good. There is nothing wrong with the MBR.

Please download Norman Malware Cleaner (http://www.norman.com/support/support_tools/58732/en) and save to your desktop.
alternate download link (http://www.majorgeeks.com/Norman_Malware_Cleaner__d5450.html)
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 22, 2010, 05:16:20 PM
Alright, the scan finished and generated the log. Post it?
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 25, 2010, 03:18:58 AM
If the log is not too big, go ahead with posting it. (Sorry for delay :P)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 26, 2010, 08:40:32 AM
It is quite large, probably not good for posting.

The problems still persist as well.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 26, 2010, 02:16:15 PM
Hi

Seems the malware is just too prevalent. Would you like to try the Kaspersky Rescue Disc environment, and we can try to disinfect without the operating system being loaded?

I have a feeling there is something hidden beyond the scope of our search.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on August 29, 2010, 03:32:13 PM
At this point I'm up for just about anything. So long as it doesn't affect certain files that are rather important and for some reason were never backed up.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on August 30, 2010, 10:30:53 PM
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO (http://www.bleepingcomputer.com/tutorials/tutorial114.html). If you need a FREE utility to burn the ISO image, download and use ImgBurn (http://www.imgburn.com/).

Let me know how it goes.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 04, 2010, 09:12:00 PM
Well this is strange. Ran the scan, it found and removed six infections. Problem is now I can't boot the computer. Says something about "(some letter, it's cut off the side of the screen)TLDR is missing" then gives the option to reboot, nothing more.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 05, 2010, 01:26:44 PM
OH..wow..I would have never imagined you having an infection in NTLDR.

No wonder why we could not find the infection. It was in the boot loader.

Problem is, the Rescue Disc probably deleted or modified the boot loader. So, we will have to fix that.

This is one of three possible problems:

-MBR is damaged (fixable).
-Corrupt NTLDR file (fixable).
-Misconfiguration of boot.ini file (fixable).



Now, I don't quite remember...did you have an XP CD or not? Either way, we can still work on the system.

Let me know that, so we can continue diagnosing and fixing the issue at hand.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 05, 2010, 04:11:37 PM
We've got it, I'll have to ask my dad where he put it but I can find it.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 05, 2010, 08:14:39 PM
Ok. Let me know if you can find it.

We're actually getting somewhere now. ;)
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 05, 2010, 08:32:29 PM
Finally some progress.

Alright I managed to find the CD. Ready for whatever's next.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 06, 2010, 09:17:10 PM
Let's attempt to fix the MBR first.

Reboot your computer.

Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Try to boot back in to Windows and let me know if it works.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 07, 2010, 12:42:40 PM
Didn't work, NTLDR is still missing.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 08, 2010, 02:28:12 PM
Do the same method for the Recovery Console, except put in the following command this time:

fixboot


Let me know of the results.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 08, 2010, 03:16:44 PM
Still nothing changes I'm afraid.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 09, 2010, 01:49:07 PM
NTLDR is indeed corrupt.

So, let us try this...

COPY D:\I386\NTLDR C:\
COPY D:\I386\NTDETECT.COM C:\

Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 09, 2010, 04:21:06 PM
Great. More problems. Attempting to copy the files results in an error of "The file could not be copied."  I made sure I was using the right drive (for some reason h: is the cd drive in recovery console, it's normally d:) after getting a few "access is denied" messages, which got me the other message.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 11, 2010, 01:55:43 PM
In the Recovery Console...

Type cd \ and press "Enter".

Type cd windows\system32\config and press "Enter".

Type ren system system.bak and press "Enter".

Type exit and press "Enter".

Your PC will reboot, go back into the Recovery Console and start from the beginning.

Then, try the command above again to replace NTLDR.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 11, 2010, 02:13:50 PM
Still can't copy it, but now I'm asked to confirm overwriting NTLDR.
cd windows\system32\config gives the message "The path or file specified is not valid"
ren system system.bak prompts the error "The system cannot find the file or directory specified"
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 11, 2010, 02:15:10 PM
Confirm overwriting NTLDR...
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 11, 2010, 02:22:30 PM
I did.
"File could not be copied"
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 13, 2010, 10:48:28 PM
Are you sure that was the right CD drive?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 14, 2010, 11:19:37 AM
Rather certain, I checked the directory on it with dir h:, and it looked right to me.
I went at it alphabetically, h: was the first with anything in it, besides c:
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 16, 2010, 04:11:03 AM
Allow me to explore a couple other options. I won't be long. :)
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 17, 2010, 03:24:04 AM
Does your computer have a floppy drive? Do you have a spare floppy disk?
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 17, 2010, 02:49:19 PM
The main computer has a floppy drive, but the computer I've been using does not. I don't think I have a floppy lying around either.
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 21, 2010, 02:48:34 AM
Fixing NTLDR via Recovery Console
expand D:\I386\NTLDR C:\
expand D:\I386\NTDETECT.COM C:\
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on September 21, 2010, 03:42:37 PM
That didn't work either I'm afraid.

Took a look at the CD itself, and found the problem I think. In tiny letters it says "This CD is not for reinstallation of programs or drivers." I should really pay more attention to these things  :-[
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on September 26, 2010, 01:37:55 PM
If you can find a CD, that would be good.

Try a local computer repair shop, and see if they will sell one to you. They rarely charge anything much.
Title: Re: Can't run programs or connect to internet
Post by: Xerinous on October 26, 2010, 01:10:41 PM
Okay, been a while since I posted here. It took me a long time to find a repair shop, then a while to get there. When I finally got there to ask about a new CD, I was offered the same one I already had. So, tinkering with the one I had, I managed to somehow get the recovery console to copy the files, but now it looks like boot.ini and hal.dll are missing, so I still can't boot the computer. I tried the same method to get them off the disk but it doesn't seem able to find them.

(Sorry if this is considered a necropost.)
Title: Re: Can't run programs or connect to internet
Post by: Dr Jay on October 27, 2010, 11:21:40 PM
This topic has gone on long enough. Please start a new topic.