Solved windows update downloads but will not install

[Resolved] windows update downloads but will not install

I had had a problem with installing windows updates. I had been given some advice by Arie.
That seemed to clear the problem with the windows update and seemed to clear away the updates that seemed to be hanging the system. I used custom to download the updates. This went well but some downloads failed. I tried it on express but the system hung again. I went back and followed his instructions again and it seemed ok again. This time I went to custom downloads and tried them one by one. They all failed. I have listed them below. The net framework 1.1 has always failed and I don't think I have .net but the others I think are new.

Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB981997)
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB980436)

He advised I check for malware on this forum. I loaded the DDS program to my desktop and tried to make sure I disable any script blocking protection. his did take me a while because I got confused with the active scripting for the internet. When I thought I had managed it and ran the program and nothing seemed to happen. I saw a message at the very end on the dos window but it disappeared so quickly I could not read it. After many attempts I managed to screen shot it and the message at the end was " CScript error: Windows Script Host access is disabled on this machine. Contact your administrator." I am my administrator but I do not know how to make this work

 

OTL file in 2 halves as it was too large
OTL logfile created on: 24/08/2010 09:21:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jacquie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 681.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 47.36 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 77.68 Gb Free Space | 52.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIDS-N57OCNO0TC
Current User Name: Jacquie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 09:16:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacquie\Desktop\OTL.exe
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/07/18 13:53:09 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/18 13:53:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/18 13:53:02 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/18 13:52:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/18 13:51:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/18 13:51:14 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/12 14:58:30 | 003,431,256 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 09:16:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacquie\Desktop\OTL.exe
MOD - [2010/06/11 16:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/04/14 01:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 01:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 17:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2003/12/24 14:44:50 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll
MOD - [2001/02/07 02:17:02 | 000,364,607 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/07/18 13:52:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/10/18 12:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/03/07 18:01:00 | 000,024,576 | R--- | M] (Creative Technology Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\C0100Srv.exe -- (C0100Srv)
SRV - [2006/06/05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/01/06 22:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/11/24 17:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/11/24 16:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/24 16:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WBHWDOCT.sys -- (WBHWDOCT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\utqwnzm1.sys -- (utqwnzm1)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (AdWatchDrv)
DRV - [2010/07/18 13:53:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/18 13:51:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 21:57:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/12/10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/07/30 02:03:00 | 000,239,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0100Dev.sys -- (C0100Dev)
DRV - [2007/06/08 02:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0100Afx.sys -- (C0100Afx)
DRV - [2007/04/19 15:34:46 | 000,005,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0100Aul.sys -- (C0100Aul)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/12/05 14:37:46 | 000,007,168 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0100Vfx.sys -- (C0100Vfx)
DRV - [2006/11/22 04:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/26 20:20:45 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2006/05/29 08:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/05/29 08:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/05/29 08:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006/04/19 02:00:00 | 000,093,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0100Aud.sys -- (C0100Aud)
DRV - [2006/01/12 12:56:56 | 000,102,528 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\si3112r.sys -- (Si3112r)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/08/10 15:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/05/25 16:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/25 16:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/21 20:21:46 | 000,517,131 | R--- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca536av.sys -- (Ca536av)
DRV - [2003/05/14 10:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2003/03/21 13:34:08 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/03 04:21:00 | 000,083,360 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2002/11/13 16:10:00 | 000,020,224 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvidesm.sys -- (nvidesm)
DRV - [2002/09/23 11:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/06 12:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/13 14:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
DRV - [2002/07/03 18:01:50 | 000,115,790 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google "
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial "
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.1
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 23:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 10:38:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 21:40:43 | 000,000,000 | ---D | M]

[2008/12/18 14:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Extensions
[2010/08/07 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions
[2010/08/07 10:36:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/07 10:36:20 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/08/07 10:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2008/04/10 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/30 11:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2008/04/10 08:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Mozilla\Firefox\Profiles\t1y5vvkm.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2010/08/07 10:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/03 17:31:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/16 21:50:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/06/07 21:04:56 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/07/23 01:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 01:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 01:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 01:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/11/29 16:46:23 | 000,361,061 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 go.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 hk.winantivirus.com ## added by CiD
O1 - Hosts: 12357 more lines...
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [CTRegRun] C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SonnReg.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\True Internet Color Icon.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Jacquie\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} http://www.ksolo.com/playerBase/kSoloIE_old.cab (kSoloCntrlIE Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (cshxq.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jacquie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacquie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/31 22:09:20 | 000,000,060 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{09b4e754-ea6b-11db-885c-002654132bb4}\Shell - " " = AutoRun
O33 - MountPoints2\{09b4e754-ea6b-11db-885c-002654132bb4}\Shell\AutoRun - " " = Auto&Play
O33 - MountPoints2\{09b4e754-ea6b-11db-885c-002654132bb4}\Shell\AutoRun\command - " " = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\Dvc.dll (Adaptec)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.NSVI - C:\WINDOWS\System32\Nsvideo.dll ()
Drivers32: VIDC.SP54 - C:\WINDOWS\SP5X_32.DLL ()
Drivers32: VIDC.SP55 - C:\WINDOWS\SP5X_32.DLL ()
Drivers32: VIDC.SP56 - C:\WINDOWS\SP5X_32.DLL ()
Drivers32: VIDC.SP57 - C:\WINDOWS\SP5X_32.DLL ()
Drivers32: VIDC.SP58 - C:\WINDOWS\SP5X_32.DLL ()
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 09:16:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacquie\Desktop\OTL.exe
[2010/08/11 17:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/08/11 17:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/08/10 20:44:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old2
[2010/08/10 20:38:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/08/02 22:59:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Catroot2.old2
[2010/07/18 13:53:03 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/08 19:00:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2007/06/08 11:04:04 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

2nd half
========== Files - Modified Within 90 Days ==========

[2010/08/24 10:08:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38376464-E0FC-43FD-8246-AD511B85C298}.job
[2010/08/24 09:49:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 09:16:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacquie\Desktop\OTL.exe
[2010/08/24 08:20:19 | 063,755,281 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/24 08:19:56 | 000,828,928 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\Current Rota jac.xls
[2010/08/24 08:13:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 08:11:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/24 08:11:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 08:11:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 08:11:35 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 21:48:29 | 015,990,784 | -H-- | M] () -- C:\Documents and Settings\Jacquie\ntuser.dat
[2010/08/23 21:48:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jacquie\ntuser.ini
[2010/08/23 21:48:20 | 009,727,370 | -H-- | M] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\IconCache.db
[2010/08/23 21:42:45 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 21:40:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2010/08/23 19:56:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\prvlcl.dat
[2010/08/21 12:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/13 14:26:37 | 001,134,592 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\temp screen shot.doc
[2010/08/13 12:34:17 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\dds.scr
[2010/08/10 21:08:03 | 000,511,406 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/10 21:08:03 | 000,447,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/10 21:08:03 | 000,073,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/07 11:09:00 | 001,652,736 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\logfile.doc
[2010/08/07 10:38:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Jacquie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/07 10:38:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/08/06 20:00:49 | 000,363,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/06 19:24:38 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/01 22:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/07/18 13:53:06 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/18 13:53:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/18 13:51:26 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/12 13:30:57 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\allotment complaint.doc
[2010/07/12 11:39:19 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\C.V. Ricardo Iadicicco.doc
[2010/07/08 19:13:23 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Jacquie\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2010/06/14 20:54:39 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0
[2010/06/08 23:59:36 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 22:35:06 | 005,157,731 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11373.JPG
[2010/06/08 22:34:42 | 005,145,647 | ---- | M] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11372.JPG
[2010/06/08 16:25:06 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/06/02 21:57:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 11:58:12 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/05/31 15:22:02 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/13 14:26:37 | 001,134,592 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\temp screen shot.doc
[2010/08/13 12:34:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\dds.scr
[2010/08/07 11:08:59 | 001,652,736 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\logfile.doc
[2010/08/07 10:38:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/07/28 13:29:56 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/12 11:39:18 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\C.V. Ricardo Iadicicco.doc
[2010/07/08 19:13:23 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Jacquie\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2010/07/07 22:15:18 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\allotment complaint.doc
[2010/06/09 00:04:58 | 005,157,731 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11373.JPG
[2010/06/09 00:04:58 | 005,145,647 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11372.JPG
[2010/06/09 00:04:57 | 005,160,901 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11209.JPG
[2010/06/09 00:04:57 | 005,157,581 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC10720.JPG
[2010/06/09 00:04:57 | 005,151,816 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC11231.JPG
[2010/06/09 00:04:57 | 005,120,285 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC10711.JPG
[2010/06/09 00:04:57 | 005,030,082 | ---- | C] () -- C:\Documents and Settings\Jacquie\Desktop\SDC10710.JPG
[2010/06/01 11:58:12 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/12/26 16:34:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\prvlcl.dat
[2009/11/13 13:17:16 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Jacquie\Application Data\msnpromo.txt
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 23:06:00 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
[2008/05/26 20:14:00 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/05/26 20:14:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/05/26 20:14:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/05/26 20:14:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008/04/26 21:35:56 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2008/02/21 21:39:33 | 002,170,880 | ---- | C] () -- C:\Documents and Settings\Jacquie\Application Data\sa3125_02_fus_eng.exe
[2008/01/27 18:43:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2007/12/31 12:21:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007/08/24 16:15:20 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2007/08/15 15:04:55 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/03 13:50:56 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/05/09 11:51:51 | 000,007,500 | ---- | C] () -- C:\Documents and Settings\Jacquie\Application Data\NMM-MetaData.db
[2007/03/06 21:37:05 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/03/06 21:37:05 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/03/06 21:37:05 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/03/06 21:37:05 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/03/06 21:37:05 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2006/12/22 23:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/12/22 23:29:47 | 000,003,715 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2006/12/22 23:29:47 | 000,000,295 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2006/12/22 23:29:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/12/22 23:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/12/15 02:08:17 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/12/15 02:08:17 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/06/26 20:20:45 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2006/06/23 11:09:23 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/05/05 09:35:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/02/26 22:27:56 | 000,038,483 | ---- | C] () -- C:\Documents and Settings\Jacquie\Application Data\Comma Separated Values (DOS).ADR
[2006/01/16 15:45:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/28 01:04:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\mtwm2.ini
[2005/12/28 00:51:43 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SP5X_32.DLL
[2005/12/27 17:12:41 | 000,000,470 | R--- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2005/12/27 15:54:47 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2005/12/27 15:54:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2005/12/27 15:54:46 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/14 18:51:24 | 000,000,762 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/10 12:19:08 | 000,001,551 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2005/10/13 14:09:47 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000019.DLL
[2005/10/13 13:42:08 | 000,000,087 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2005/10/02 12:41:42 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\fusioncache.dat
[2005/09/28 09:55:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/09/13 09:39:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2005/09/05 15:30:32 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Jacquie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/21 22:15:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/21 22:03:24 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/08/21 22:03:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/08/21 22:02:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/08/21 22:00:16 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX420EI.ini
[2005/08/16 16:38:47 | 000,000,074 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2005/08/16 16:36:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2005/08/16 16:36:22 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2005/08/16 16:36:22 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[2005/08/07 14:01:48 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/08/04 00:37:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 23:02:15 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2005/08/02 22:53:36 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2005/08/02 22:48:18 | 000,003,981 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/08/02 22:48:16 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/12/20 12:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 21:39:04 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2003/03/12 08:03:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 12:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll

========== LOP Check ==========

[2009/12/07 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/06/14 15:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
[2008/10/28 11:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
[2007/11/18 21:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Channel4
[2009/01/28 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Documents
[2006/10/26 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2009/11/05 01:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2005/10/23 18:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driving Test Success
[2007/12/17 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
[2006/01/20 18:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2008/05/23 15:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
[2005/08/09 12:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hazard Perception Training
[2009/09/16 10:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/06/04 21:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
[2008/12/31 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies
[2007/06/01 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NannyMania
[2009/01/04 21:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2006/08/16 12:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
[2006/07/07 14:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2006/05/19 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games
[2010/04/09 09:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sports Interactive
[2010/08/13 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2006/12/25 21:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2005/08/21 22:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2005/10/13 14:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2009/04/18 22:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/09 23:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Auslogics
[2009/05/12 22:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2008/08/03 09:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\DataCast
[2008/03/07 21:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Grisoft
[2010/07/07 22:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\IObit
[2005/10/30 10:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Leadertech
[2009/02/10 22:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\LimeWire
[2009/11/13 13:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\MSNInstaller
[2007/05/11 10:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Nokia Multimedia Player
[2007/08/13 21:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\OfficeUpdate12
[2006/06/26 13:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\PC Suite
[2006/02/15 13:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Smart Panel
[2009/01/28 00:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Sports Interactive
[2009/01/04 19:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\SystemRequirementsLab
[2009/02/21 00:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\tmp
[2005/10/13 14:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Ulead Systems
[2009/11/05 01:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Uniblue
[2005/11/30 13:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\VERITAS
[2006/12/12 21:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\Windows Desktop Search
[2008/03/19 23:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacquie\Application Data\WinPatrol
[2010/08/01 22:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/08/24 10:08:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{38376464-E0FC-43FD-8246-AD511B85C298}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/11/07 13:48:51 | 000,028,672 | ---- | M] () -- C:\00007E00-E72BE72B
[2006/10/01 13:49:57 | 000,028,672 | ---- | M] () -- C:\00007E00-E72BE72B_Backup
[2009/11/30 13:18:49 | 000,181,212 | ---- | M] () -- C:\aaw7boot.log
[2004/04/14 08:05:39 | 000,160,108 | ---- | M] () -- C:\AnalysisLog.sr0
[2008/12/31 22:09:20 | 000,000,060 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/16 14:30:18 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/06/13 21:04:17 | 000,280,576 | ---- | M] () -- C:\CAPT000.avi
[2005/08/02 19:35:57 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/22 19:05:57 | 000,004,244 | ---- | M] () -- C:\data
[2004/11/30 20:27:00 | 000,000,278 | ---- | M] () -- C:\default.set
[2005/01/16 20:46:24 | 000,222,041 | ---- | M] () -- C:\errlgr.txt
[2010/08/24 08:11:35 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2003/12/10 13:05:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/12/10 13:05:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/08/04 07:36:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/24 22:01:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/24 08:11:32 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/06/13 21:06:29 | 000,011,754 | -H-- | M] () -- C:\POF$$THM.TOF
[2006/08/15 15:22:40 | 000,000,293 | ---- | M] () -- C:\Shortcut to Local Disk (C).lnk
[2009/04/12 17:02:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/12 17:03:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/12 17:05:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/13 22:21:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/13 22:36:23 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/04/19 16:01:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/22 21:34:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/25 19:11:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/07/27 11:21:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/07/28 17:27:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/28 21:20:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/07/04 07:00:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/07/04 12:00:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/07/05 09:34:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/07/27 10:33:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/08/14 13:06:42 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/30 20:37:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/30 20:38:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/08 01:33:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/11/09 17:04:27 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/12 17:03:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/12 17:05:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/13 22:21:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/13 22:36:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/19 16:01:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/22 21:34:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/25 19:11:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/07/27 11:21:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/07/28 17:27:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/28 21:20:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/07/04 07:00:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/07/04 12:00:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/07/05 09:34:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/07/27 10:33:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/08/14 13:06:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/30 20:37:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/30 20:38:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/11/09 17:04:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/12 17:02:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/08 01:33:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/12/31 12:24:55 | 000,000,040 | ---- | M] () -- C:\SYSTEM.VER
[2007/12/01 19:39:37 | 014,679,156 | ---- | M] () -- C:\TrendSchedule.csv
[2004/02/14 00:33:05 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT
[2004/10/11 20:01:17 | 000,000,080 | RH-- | M] () -- C:\volumeid.zbx
[2006/11/07 13:48:51 | 000,012,288 | ---- | M] () -- C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}
[2006/10/01 13:49:57 | 000,012,288 | ---- | M] () -- C:\Volume{52C8E4FE-B853-42c1-9528-92978438BBF3}_Backup

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/02 20:17:30 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/02 20:17:30 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/02 20:17:29 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:CF652417
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:ECE4A64B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:26FE5B17
< End of report >

 

OTL Extras logfile created on: 24/08/2010 09:21:58 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jacquie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 681.00 Mb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 47.36 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.05 Gb Total Space | 77.68 Gb Free Space | 52.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIDS-N57OCNO0TC
Current User Name: Jacquie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- "%1" /s

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07295ABF-1245-415A-BE06-863271753443}" = ShowBiz
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{25081482-E242-4FE3-B552-FDC8BA88C90E}" = Ad-Aware 2007 Beta
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{594CC15E-B32D-11D5-9293-0050BA073EEC}" = Presto! VideoWorks 5.0
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Sonic Simple Backup
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7148F0A8-6813-11D6-A77B-00B0D0142090}" = Java 2 Runtime Environment, SE v1.4.2_09
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{783033B0-D8E6-11D5-9293-0050BA073EEC}" = Presto! ImageFolio 4.2
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B76034B-B3ED-46D5-8C66-DEB102CB830A}" = ATI Catalyst Control Center
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA System Utility
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = Sonic RecordNow DX
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6E71574-2126-4E95-816E-32B2411C94BA}" = Ulead MediaStudio Pro 8.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C2E8DCAA-1CF4-46CE-8DDD-C89CBA2FFADA}" = MP3 music player
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced Video FX Engine" = Advanced Video FX Engine
"All ATI Software" = ATI - Software Uninstall Utility
"ASUS Probe V2.19.07" = ASUS Probe V2.19.07
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"BroadJump Client Foundation" = BroadJump Client Foundation
"Broken Sword" = Broken Sword
"CAM-IN SUITE III" = CAM-IN SUITE III
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Optia AF User's Guide English" = Creative Live! Cam Optia AF User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VC0100" = Creative Live! Cam Optia AF Driver (1.03.01.0822)
"Defraggler" = Defraggler (remove only)
"Digital Camera Driver" = Digital Camera Driver
"eDATA Unerase" = eDATA Unerase
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX420 Reference Guide" = ESPRX420 Reference Guide
"ESPRX420 Software Guide" = ESPRX420 Software Guide
"Fashion Fits!™" = Fashion Fits!™
"Google Chrome" = Google Chrome
"GSmart Mini 2" = GSmart Mini 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA System Utility
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"IObit Security 360_is1" = IObit Security 360
"LimeWire" = LimeWire 4.18.8
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"OpenMG HotFix4.4-05-12-06-01" = OpenMG Limited Patch 4.4-06-13-19-01
"PhotoRecord" = Canon PhotoRecord
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shockwave" = Shockwave
"SightSpeed" = SightSpeed (remove only)
"Smart Defrag_is1" = Smart Defrag
"Software Informer_is1" = Software Informer 1.0 BETA
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SSC Service Utility_is1" = SSC Service Utility v4.10
"SSUtils" = NVIDIA nForce Utilities
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"tdp" = 3Deep
"Top Chef" = Top Chef
"True Internet Color" = True Internet Color
"Tweak UI 2.10" = Tweak UI
"Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^
"WIC" = Windows Imaging Component
"WilliamHillPokerXP" = William Hill Poker
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.97
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/08/2010 08:38:00 | Computer Name = KIDS-N57OCNO0TC | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 19/08/2010 11:58:01 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 20/08/2010 06:58:02 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 20/08/2010 07:58:06 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 20/08/2010 13:58:00 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 20/08/2010 14:58:03 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 21/08/2010 07:58:01 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 21/08/2010 08:58:03 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 21/08/2010 09:58:03 | Computer Name = KIDS-N57OCNO0TC | Source = Google Update | ID = 20
Description =

Error - 23/08/2010 16:40:31 | Computer Name = KIDS-N57OCNO0TC | Source = MsiInstaller | ID = 11704
Description = Product: Adobe Reader 9.3.4 -- Error 1704.An installation for Microsoft
Office Professional Edition 2003 is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 14/08/2010 03:24:12 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7000
Description = The DigitalCam Pro Video Camera Device service failed to start due
to the following error: %%1058

Error - 14/08/2010 03:24:12 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 14/08/2010 11:22:30 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7000
Description = The DigitalCam Pro Video Camera Device service failed to start due
to the following error: %%1058

Error - 14/08/2010 11:22:30 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 14/08/2010 12:12:15 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7000
Description = The DigitalCam Pro Video Camera Device service failed to start due
to the following error: %%1058

Error - 14/08/2010 12:12:15 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 15/08/2010 09:07:59 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7000
Description = The DigitalCam Pro Video Camera Device service failed to start due
to the following error: %%1058

Error - 15/08/2010 09:07:59 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 06/08/2010 13:42:41 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7000
Description = The DigitalCam Pro Video Camera Device service failed to start due
to the following error: %%1058

Error - 06/08/2010 13:42:41 | Computer Name = KIDS-N57OCNO0TC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/08/2010 13:17:47
mbam-log-2010-08-24 (13-17-47).txt

Scan type: Quick scan
Objects scanned: 264827
Time elapsed: 2 hour(s), 0 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-24 16:31:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jacquie\LOCALS~1\Temp\aftyafod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF5349B30]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF53496F0]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF5349470]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF5349C50]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF5349990]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF53498D0]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF5349D60]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7657B8D]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04140001
.text C:\WINDOWS\Explorer.EXE[1020] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1020] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1020] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1020] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1020] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1060] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[1060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\system32\ctfmon.exe[1060] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1060] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1060] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7552] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[7996] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\DOCUME~1\Jacquie\LOCALS~1\Temp\Temporary Directory 1 for gmer[2].zip\gmer.exe[26064] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F73428E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7342B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7342C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7342BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[7996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\AvgTdiX \Device\AvgTdi wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\nvidesm \Device\Scsi\nvidesm1Port1Path1Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvidesm \Device\Scsi\nvidesm1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port1Path1Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\nvidesm \Device\Scsi\nvidesm1Port1Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1659004503-1993962763-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 701391134
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1659004503-1993962763-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30098296
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1659004503-1993962763-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 702172384
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1659004503-1993962763-725345543-1003\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30098296
Reg HKLM\SOFTWARE\Classes\CLSID\{5A85D433-BB42-24A0-27A5-E0C507D38021}\InprocServer32@ C:\WINDOWS\system32\CLBCatQ.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{5A85D433-BB42-24A0-27A5-E0C507D38021}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{5A85D433-BB42-24A0-27A5-E0C507D38021}\ProgID@ ComPlusMetaDataServices.ServicesMetaDataDispenser.1
Reg HKLM\SOFTWARE\Classes\CLSID\{5A85D433-BB42-24A0-27A5-E0C507D38021}\VersionIndependentProgID@ ComPlusMetaDataServices.ServicesMetaDataDispenser
Reg HKLM\SOFTWARE\Classes\CLSID\{8B327A17-40C9-481B-239C-C142466AB756}\InprocServer32@ C:\Program Files\Sonic\MyDVD\SonicDSScaler.ax
Reg HKLM\SOFTWARE\Classes\CLSID\{8B327A17-40C9-481B-239C-C142466AB756}\InprocServer32@ThreadingModel Both
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@dbcgkhjkgibboajcckbclhahjaainkhhingmlpdk 0x6A 0x61 0x67 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@cbmfmmocjikkhmdjbcaedjegcjclipdlekgdjp 0x6A 0x61 0x67 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@iacgkhjkgibboajcck 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@hamfmmocjikkhmdj 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@iagdcnhlhocffcknnd 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@abgdcmocfmohnmnmfleehlkmmpdgnnndli 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5738DA16-A330-CB69-E961-589514C85D93}@mahddkjmakdhnnoenonddimide 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@dbmboneclohbafboedjabjdndhjocgdochaniapb 0x6A 0x61 0x6C 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@cbgcbkmkcndfcinnbmijnekcmhpafhjoicecee 0x6A 0x61 0x6C 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@iamboneclohbafboed 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@hagcbkmkcndfcinn 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@iaialkladmkkmgfgfk 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@abialddhmfjhfcjaknenpelgebfmdlaebl 0x61 0x61 0x00 0x06
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{65BAB978-688F-D5E5-E94D-620A040DDC34}@majakejjejmpifgagcocoadcpm 0x61 0x61 0x00 0x06
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}@cbfcjebgppeekmmioklpnhjkpikonjddcjgeod 0x6A 0x61 0x6A 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}@bbpbpghaecnkbipmpfbhfpdcggnfajpeakoh 0x6A 0x61 0x6A 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}@iafcjebgppeekmmiok 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}@hapbpghaecnkbipm 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4BE0FA5-5BB6-C43E-039D-E6EBBF8AB433}@iajdfbgkjfhgeflpjf 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@cbcoandlielnefkjknjcpgfglpkcmdlieahpoj 0x6A 0x61 0x70 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@iamagnffbhhfohbdmc 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@hacoandlielnefkj 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@iaaagnhfkfahcdbpfp 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@dbmagnffbhhfohbdmchfaglbonnaifecgijnmphl 0x6A 0x61 0x70 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@abaagmcdmkngfnckodmbhmgkihnlinkfih 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C2F7D08E-E97B-1717-6A36-AABF7BC7A0B8}@mabalkieiefnkjoojgendpmkng 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 145):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7A6F000 \WINDOWS\system32\KDCOM.DLL
0xF797F000 \WINDOWS\system32\BOOTVID.dll
0xF7520000 ACPI.sys
0xF7A71000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF750F000 pci.sys
0xF756F000 isapnp.sys
0xF757F000 ohci1394.sys
0xF758F000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF7B37000 pciide.sys
0xF77EF000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF759F000 MountMgr.sys
0xF74F0000 ftdisk.sys
0xF7A73000 dmload.sys
0xF74CA000 dmio.sys
0xF77F7000 PartMgr.sys
0xF75AF000 sfsync02.sys
0xF75BF000 VolSnap.sys
0xF74B2000 atapi.sys
0xF7498000 si3112r.sys
0xF7480000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xF77FF000 nvidesm.sys
0xF75CF000 disk.sys
0xF75DF000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7460000 fltmgr.sys
0xF744E000 sr.sys
0xF743A000 drvmcdb.sys
0xF75EF000 PxHelp20.sys
0xF7983000 SiWinAcc.sys
0xF7423000 KSecDD.sys
0xF7410000 WudfPf.sys
0xF7383000 Ntfs.sys
0xF7356000 NDIS.sys
0xF7339000 Teefer.sys
0xF7807000 sfhlp02.sys
0xF7327000 sfdrv01.sys
0xF7987000 nv_agp.sys
0xF730D000 Mup.sys
0xF763F000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF769F000 \SystemRoot\System32\DRIVERS\amdk7.sys
0xF788F000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF663C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7897000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF6628000 \SystemRoot\System32\DRIVERS\NVENET.sys
0xF76AF000 \SystemRoot\system32\drivers\nvax.sys
0xF76BF000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF72D9000 \SystemRoot\system32\drivers\pfc.sys
0xF76CF000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76DF000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF6605000 \SystemRoot\System32\DRIVERS\ks.sys
0xF76EF000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF65F3000 \SystemRoot\System32\DRIVERS\el90Xbc5.SYS
0xF632D000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF6319000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF789F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF76FF000 \SystemRoot\System32\DRIVERS\serial.sys
0xF72D1000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6305000 \SystemRoot\System32\DRIVERS\parport.sys
0xF770F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF78A7000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF78AF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7C51000 \SystemRoot\system32\drivers\msmpu401.sys
0xF62E1000 \SystemRoot\system32\drivers\portcls.sys
0xF772F000 \SystemRoot\system32\drivers\drmk.sys
0xF72CD000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF78B7000 \SystemRoot\system32\DRIVERS\livecamv.sys
0xF7C52000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF6EEC000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF72C9000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF62CA000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF6E8C000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF761F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF78BF000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF62B9000 \SystemRoot\System32\DRIVERS\psched.sys
0xF66F0000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF61F5000 \SystemRoot\System32\drivers\dmboot.sys
0xF782F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7837000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF61C5000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF66D0000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7AA3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6167000 \SystemRoot\System32\DRIVERS\update.sys
0xF6F80000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF66C0000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7AA5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF6660000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF5B99000 \SystemRoot\system32\drivers\nvapu.sys
0xF5AAE000 \SystemRoot\system32\drivers\nvmcp.sys
0xF5A9D000 \SystemRoot\system32\drivers\nvarm.sys
0xF7917000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7ADF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C11000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7927000 \SystemRoot\System32\drivers\vga.sys
0xF7AE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF792F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7937000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A6B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA8C51000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xA8BF8000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xA8BBE000 \SystemRoot\System32\Drivers\avgtdix.sys
0xA556A000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF541F000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF540F000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xA5400000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF3E66000 \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys
0xF614F000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA53DE000 \SystemRoot\System32\drivers\afd.sys
0xF3E56000 \SystemRoot\System32\DRIVERS\netbios.sys
0xA53B3000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xA5343000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF3E36000 \SystemRoot\System32\Drivers\Fips.SYS
0xF4D25000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA52BB000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF539F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7A4B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF4CF5000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF056000 \SystemRoot\System32\ati2cqag.dll
0xBF09E000 \SystemRoot\System32\atikvmag.dll
0xBF0E3000 \SystemRoot\System32\ati3duag.dll
0xBF34C000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF53FF000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA555A000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0x9E776000 \SystemRoot\SYSTEM32\Drivers\wg3n.sys
0x9E772000 \SystemRoot\SYSTEM32\Drivers\wg4n.sys
0x9E766000 \SystemRoot\SYSTEM32\Drivers\wg5n.sys
0x9E762000 \SystemRoot\SYSTEM32\Drivers\wg6n.sys
0x9E66D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7AF5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7C0C000 \??\C:\WINDOWS\system32\drivers\aslm75.sys
0x9E5A9000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x9E4DA000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1244000 \SystemRoot\System32\DRIVERS\secdrv.sys
0x9E1F5000 \SystemRoot\system32\drivers\wdmaud.sys
0xA09F8000 \SystemRoot\system32\drivers\sysaudio.sys
0x9DD6E000 \SystemRoot\System32\Drivers\HTTP.sys
0x9DA73000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
976 C:\WINDOWS\system32\smss.exe
1104 C:\WINDOWS\system32\csrss.exe
1140 C:\WINDOWS\system32\winlogon.exe
1204 C:\WINDOWS\system32\services.exe
1216 C:\WINDOWS\system32\lsass.exe
1368 C:\WINDOWS\system32\ati2evxx.exe
1392 C:\WINDOWS\system32\svchost.exe
1476 C:\WINDOWS\system32\svchost.exe
1568 C:\WINDOWS\system32\svchost.exe
1600 C:\WINDOWS\system32\svchost.exe
1640 C:\Program Files\Sygate\SPF\Smc.exe
1728 C:\WINDOWS\system32\ati2evxx.exe
1736 C:\Program Files\AVG\AVG9\avgchsvx.exe
1744 C:\Program Files\AVG\AVG9\avgrsx.exe
1924 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1940 C:\WINDOWS\system32\svchost.exe
336 C:\WINDOWS\system32\svchost.exe
704 C:\WINDOWS\system32\spoolsv.exe
920 C:\WINDOWS\system32\svchost.exe
952 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1008 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1076 C:\Program Files\Bonjour\mDNSResponder.exe
1760 C:\Program Files\IObit\IObit Security 360\is360srv.exe
372 C:\Program Files\AVG\AVG9\avgnsx.exe
388 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
496 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
816 C:\WINDOWS\system32\svchost.exe
2304 C:\WINDOWS\system32\alg.exe
2340 C:\WINDOWS\system32\wbem\wmiprvse.exe
3916 C:\WINDOWS\explorer.exe
3984 C:\WINDOWS\system32\ctfmon.exe
3464 C:\WINDOWS\system32\svchost.exe
1056 C:\Program Files\IObit\IObit Security 360\is360tray.exe
1296 C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
2152 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
2212 C:\PROGRA~1\AVG\AVG9\avgtray.exe
1088 C:\Program Files\IObit\IObit Security 360\is360.exe
4376 C:\Program Files\Internet Explorer\iexplore.exe
5644 C:\Program Files\Internet Explorer\iexplore.exe
2360 C:\Program Files\Internet Explorer\iexplore.exe
4100 C:\Documents and Settings\Jacquie\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP1203N, Rev: TL10
PhysicalDrive1 Model Number: SAMSUNGSP1654N, Rev: BV10

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

Hi
It is too late now to do the next part. I will do it tomorrow. I still do not know how to disable the script host as when I tried to run the DDS program I got the message:-
" CScript error: Windows Script Host access is disabled on this machine. Contact your administrator."
I am my administrator but I do not know how to make this work.
I have downloaded the combofix program ready to roll tomorrow

 

I have uninstalled Spybot. I have IObit advance system care and security 360. will they interefere with the combofix?

 

I am glad but I think I must have messed up somewhere. I disabled firewall (Sygate) and anti-virus (AVG) I ran Combofix it loaded and a small box showed on the screen titled combofix and there was a green progress bar. This filled up and it just sat there. I thought it may take some time so I left it on all night but it was still the same. I could not do anything unless I rebooted. I deleted the combofix icon from my desktop and downloaded it again. I contacted you to check about IObit System Care and Security360. When you said it should not affect it I tried again to run Combofix, the progress bar filled up. I left it all night again but it did not seem to complete. Should I have left it longer?

 

I ran the rkill
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jacquie on 27/08/2010 at 23:05:20.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Jacquie\Desktop\rkill.com


Rkill completed on 27/08/2010 at 23:05:25.

Then I ran exe helper

exeHelper by Raktor
Build 20100414
Run at 23:08:35 on 08/27/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 00:16:45 on 08/28/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

I then ran combofix. It did get further it asked me to allow it to run. I can't remember the exact message but it was something like there was a warning that it was not associated with some other combo programs and to agree to run it click yes or to exit click no. I clicked yes. It then opened a blue coloured DOS screen and the cursor was flashing and that is all it did. I left it for an hour but it did not change. I then ran exehelper in case it might show anything else.
It is Friday night here. I will be away until Wednesday. I will not be able to reply to any posts until then.

 

Yes it did work in safe mode. I had to do Safe mode with networking as Combofix needed the internet. I was a bit concerned because when the computer rebooted of course the firewall statrted up on its own but Combofix was just doing the log file.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jacquie on 27/08/2010 at 23:05:20.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Jacquie\Desktop\rkill.com


Rkill completed on 27/08/2010 at 23:05:25.

exeHelper by Raktor
Build 20100414
Run at 23:08:35 on 08/27/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 00:16:45 on 08/28/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 20:48:54 on 08/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 21:34:43 on 08/31/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 23:29:08 on 09/01/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

 

ComboFix 10-09-01.02 - Jacquie 01/09/2010 23:50:45.2.1 - x86 NETWORK
Running from: c:\documents and settings\Jacquie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\home video\sdvdc.exe
c:\documents and settings\Paolo\klitekpp243e.exe
c:\documents and settings\Ricci\eMule0.46c_Installer.exe
c:\documents and settings\Ricci\System
c:\documents and settings\Ricci\System\AICore.t3u
c:\documents and settings\Ricci\System\binkw32.dll
c:\documents and settings\Ricci\System\Core.int
c:\documents and settings\Ricci\System\Core.t3u
c:\documents and settings\Ricci\System\D3DDrv.int
c:\documents and settings\Ricci\System\DEFAULT.INI
c:\documents and settings\Ricci\System\eax.dll
c:\documents and settings\Ricci\System\Editor.int
c:\documents and settings\Ricci\System\Editor.t3u
c:\documents and settings\Ricci\System\Engine.int
c:\documents and settings\Ricci\System\Engine.t3u
c:\documents and settings\Ricci\System\FacialExp.ini
c:\documents and settings\Ricci\System\Fire.t3u
c:\documents and settings\Ricci\System\Ion Launcher.exe
c:\documents and settings\Ricci\System\MotionTags.ini
c:\documents and settings\Ricci\System\reverbstyles.ini
c:\documents and settings\Ricci\System\Startup.int
c:\documents and settings\Ricci\System\t3.exe
c:\documents and settings\Ricci\System\T3AI.t3u
c:\documents and settings\Ricci\System\T3AutoTag.ini
c:\documents and settings\Ricci\System\T3Camera.ini
c:\documents and settings\Ricci\System\T3Game.t3u
c:\documents and settings\Ricci\System\T3Gamesys.t3u
c:\documents and settings\Ricci\System\T3Hud.ini
c:\documents and settings\Ricci\System\T3InputMem.ini
c:\documents and settings\Ricci\System\T3ItemGrid.ini
c:\documents and settings\Ricci\System\T3Main.exe
c:\documents and settings\Ricci\System\T3PhysicsSound.ini
c:\documents and settings\Ricci\System\T3Player.t3u
c:\documents and settings\Ricci\System\T3PlayerAnims.ini
c:\documents and settings\Ricci\System\T3Rumble.ini
c:\documents and settings\Ricci\System\T3UI.ini
c:\documents and settings\Ricci\System\T3UILights.ini
c:\documents and settings\Ricci\System\T3UISoup.ini
c:\documents and settings\Ricci\System\T3UIText.int
c:\documents and settings\Ricci\System\t3uw.int
c:\documents and settings\Ricci\System\UnrealEd.int
c:\documents and settings\Ricci\System\Window.int
c:\documents and settings\Ricci\System\WinDrv.int
c:\documents and settings\sims utils\DEPatch.exe
c:\documents and settings\sims utils\SimsFileCop.exe
c:\windows\Downloaded Program Files\DDSonic.1.0.0.92
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\system\BCBSMP35.BPL
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\sstray.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-24 10:18 . 2010-08-24 10:18 -------- d-----w- c:\documents and settings\Jacquie\Application Data\Malwarebytes
2010-08-24 10:17 . 2010-08-24 10:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 22:15 . 2007-12-17 17:27 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-09-01 19:12 . 2009-12-26 15:34 0 -c--a-w- c:\documents and settings\Jacquie\Local Settings\Application Data\prvlcl.dat
2010-08-25 19:21 . 2003-12-12 08:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-25 19:20 . 2005-08-04 07:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-08-24 10:17 . 2010-08-24 10:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 12:25 . 2006-11-13 19:40 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-13 11:42 . 2004-04-01 09:24 -------- d-----w- c:\program files\SpywareBlaster
2010-07-19 18:20 . 2009-11-12 21:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-18 12:53 . 2009-03-28 21:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-18 12:53 . 2010-07-18 12:53 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-18 12:51 . 2008-10-01 18:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-09 22:41 . 2008-05-11 18:35 -------- d-----w- c:\documents and settings\Jacquie\Application Data\Auslogics
2010-07-09 20:52 . 2008-12-23 09:46 -------- d-----w- c:\documents and settings\Jacquie\Application Data\Skype
2010-07-09 20:33 . 2008-12-23 09:51 -------- d-----w- c:\documents and settings\Jacquie\Application Data\skypePM
2010-07-08 18:13 . 2008-03-06 11:46 -------- d-----w- c:\program files\Auslogics
2010-07-07 21:43 . 2008-04-10 13:05 -------- d-----w- c:\documents and settings\Jacquie\Application Data\IObit
2010-06-14 14:31 . 2005-08-02 18:33 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2007-06-07 20:04 . 2007-06-08 10:04 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-06-15 20:33 . 2008-12-31 22:08 233472 -c--a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 . 2008-12-31 22:08 204895 -c--a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 . 2008-12-31 22:08 77824 -c--a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 . 2008-12-31 22:08 426081 -c--a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 . 2008-12-31 22:07 458752 -c--a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 . 2008-12-31 22:08 139264 -c--a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 . 2008-12-31 22:07 204800 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 . 2008-12-31 22:07 106496 -c--a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 . 2008-12-31 22:07 212992 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 . 2008-12-31 22:07 167936 -c--a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-12-31 22:08 . 2008-12-31 22:08 80 -csh--r- c:\windows\CT4CET.bin
2008-03-11 21:59 . 2008-03-08 00:10 6651936 -csha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0036\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-23 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-23 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-03-06 . 4EA08A8BBDF8DDEE0F173BB999C153C3 . 263680 . . [5.1.2600.1361] . . c:\windows\$xpsp1hfm$\KB828741\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 1998-05-18 09:52 . 7B0DAACACD98548A43BC286EE408C5E8 . 458752 . . [4.72.3110.1] . . c:\windows\system\COMCTL32.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-03-06 02:16 . B748D0ABBACD362052D4D61DCD562289 . 226816 . . [2001.12.4414.53] . . c:\windows\$xpsp1hfm$\KB828741\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution.old2\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution.old2\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\softwaredistribution.old\Download\53d91b4cb515ff831fd50b1300c41863\SP3GDR\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\softwaredistribution.old\Download\53d91b4cb515ff831fd50b1300c41863\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie8\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-16 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-07 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\ie7\mshtml.dll
[-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll
[-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll

[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3GDR\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution.old2\Download\20417d45f198df0887b15c6703a74b0a\SP3GDR\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\20417d45f198df0887b15c6703a74b0a\SP3QFE\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution.old2\Download\20417d45f198df0887b15c6703a74b0a\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-08 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe