Redirect Problems San Jose CA [Archive]

Jack Fischer

2010-11-19, 06:42

I was able to get through all the steps except the last. The GMER application would start running as soon as it was launched and almost immediately crash the system and give me the same error message as when I tried to run DDS.

That error information is as follows:
DRIVER_IRQL_NOT_LESS_OR_EQUAL

TEHCNICAL INFO:

STOP:0x000000D1 (0x0A140017,0x00000005,0x00000000,0xF77C6E3E)

IdeChnDr.sys - Address F77C6E3E base at F77C3000,DateStamp 3bd89c65

Here's the first log:

OTL logfile created on: 11/18/2010 8:35:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
PRC - [2010/10/28 08:40:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 08:39:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 15:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 16:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2005/06/06 22:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE

========== Modules (SafeList) ==========

MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 15:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 10:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 20:21:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/18 20:21:09 | 000,000,000 | ---D | M]

[2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
[2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
[2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
[2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2010/06/05 17:01:14 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell - "" = AutoRun
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4713e108-c71e-11de-a6f7-00055d371377}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f61693c-091a-11dd-a5a9-00038a000015}\Shell\AutoRun\command - "" = E:\PortableVault.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 20:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/06 14:50:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/06 14:50:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/05 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWiSHzone.com
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 20:35:20 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/18 20:32:45 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/11/18 20:32:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/18 20:31:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/18 20:30:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 20:30:43 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/18 20:21:10 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/18 20:18:57 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2010/11/17 21:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/17 20:14:07 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/15 21:42:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/13 15:59:43 | 000,249,722 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
[2010/11/07 10:41:50 | 000,432,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 10:41:50 | 000,067,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 12:19:16 | 058,025,396 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
[2010/11/04 17:53:49 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 20:14:05 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/13 15:59:43 | 000,249,722 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\att bill wireless and landline.pdf
[2010/11/06 12:12:21 | 058,025,396 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\avira_antivir_personal_en.zip
[2010/10/24 20:11:23 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
[2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
[2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
[2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
[2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
[2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
[2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
[2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
[2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
[2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
[2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
[2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
[2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
[2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
[2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
[2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
[2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
[2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
[2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
[2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
[2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
[2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
[2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
[2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
[2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
[2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
[2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
[2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
[2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========

< End of report >

second log to follow in separate message.

Jack Fischer

2010-11-19, 06:43

extras log:

OTL Extras logfile created on: 11/18/2010 8:35:34 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 377.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 9.94 Gb Free Space | 26.71% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0C3831BF-D6CA-43A1-B32D-9A0CCCF9DD9E}" = Tunebite
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{146ED22B-BC11-4017-BBE8-E393848AA92A}" = MUSICMATCH iPod Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37306C0F-1248-4C2E-9B86-E964AAA81101}" = Minolta DiMAGE Scan Dual3 ver 1.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6392127-1223-4C7F-BBC8-87CCB449F96C}" = ArcSoft WebCam Companion 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}" = ArcSoft Magic-i 3
"{DB978C71-BB58-4F94-AE95-18C119196937}" = ICC Color Profiles
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAE92D24-1E4B-4B3B-894D-622E942939DA}" = Google Desktop Plugin - eBay Watcher
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"3DGroove" = 3D Groove Playback Engine
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0" = Conexant HSF V92 56K Data Fax PCI Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Elf Bowling 3" = Elf Bowling 3 (remove only)
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Ink Monitor" = Ink Monitor
"InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D}" = iPod for Windows User Guide
"InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}" = iPod System Software Updater 2.0.1
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QTRgui" = QTRgui
"Real Estate Transaction Viewer" = Real Estate Transaction Viewer
"RealPlayer 6.0" = RealPlayer
"REAP LITE" = REAP LITE
"Shockwave" = Shockwave
"Shutterfly Plugin" = Shutterfly Plugin
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"Silent Package Run-Time Sample" = EPSON PictureMate User's Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4624687

Error - 10/19/2010 6:36:16 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4624687

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4628078

Error - 10/19/2010 6:36:19 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4628078

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4630031

Error - 10/19/2010 6:36:21 PM | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4630031

Error - 10/24/2010 4:23:09 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
module xul.dll, version 1.9.2.3937, fault address 0x00720448.

Error - 10/24/2010 4:23:18 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3937, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/6/2010 12:55:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/6/2010 3:22:15 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/6/2010 4:05:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/6/2010 4:09:53 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/11/2010 1:47:28 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The MgiSvr service has reported an invalid current state 32.

Error - 11/13/2010 4:44:00 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.9 for the Network Card with network
address 00055D371377 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/18/2010 12:14:22 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

Error - 11/19/2010 12:22:05 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7016
Description = The EPSON V3 Service2(02) service has reported an invalid current
state 0.

< End of report >

What's next?

Best,

jack

Jack&Jill

2010-11-20, 05:17

Hello Jack :),

Is this a business computer?

Validate Windows

Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here. (http://go.microsoft.com/fwlink/?linkid=52012)
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please download Rootkit Unhooker and save it to your desktop. Click here. (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar )

Extract the file to the desktop using 7-Zip (http://www.7-zip.org/) or a suitable archive utility that handles RAR files.
Double click on RkU3.8.388.590.exe to run the installer and follow the steps accordingly.
Once complete, start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):

Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the answer to my question about your computer
2. MGADiag result
3. CKScanner log
4. the Rookit Unhooker log

Jack Fischer

2010-11-20, 21:31

Okay, did it all! :D:

It is a home computer, not a business computer. Here is the MGADiag result:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.17.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1078081533-688789844-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>DIM4400 </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20020108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>14E03EAF0184C06E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57456</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:Dell Inc|112F5:Dell Inc|112F5:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

And here is CKScanner file. All it generated was this:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

And, last, here is the RKU report. The program wouldn't let me "save report." It was grayed out. But it had a quick report option and this is what it generated. It's way shorter than the full list the program generated:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->F2F55E96 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->F2F55E8C [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->F2F55E9B [Unknown module filename]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->F2F55EA5 [Unknown module filename]
ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805AEE7B-->F2F55EAA [Unknown module filename]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->F2F55E78 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->F2F55E7D [Unknown module filename]
ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x8064F446-->F2F55EB4 [Unknown module filename]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->F2F55EAF [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->F2F55EA0 [Unknown module filename]

What's next? :D:

Thanks and best,

jack

Jack&Jill

2010-11-21, 06:05

Hello Jack :),

The Microsoft Office Professional Edition 2003 on your computer is a non-genuine copy. It was installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, that is more installations of XP using that key than authorized.
A VL Product Key is non-transferable to individuals.

Please read the fourth post of the Forum Rules (http://forums.spybot.info/showthread.php?t=288) .

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

You may return to the seller to demand for a replacement with a genuine copy or get a full refund. Have a read here (http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en#ID0EKNAC) to see if you qualify for Genuince Office Offer. As an alternative, you can also try OpenOffice (http://www.openoffice.org/).

Jack Fischer

2010-11-22, 02:01

I had no idea that the Office suite was not the real thing. I purchased it several years ago on Ebay and there was nothing in the packaging or anything else that would make anyone suspicious. I'm sure I can no longer find that vendor, so I'm out the software, I guess. I'm download open office and see if it does what I need.

I'm on a different machine now, but I'll take the Microsoft version it off later and let you know. You'll need to tell me how you want to check it so we can proceed.

jack

Jack&Jill

2010-11-22, 14:26

Hello Jack :),

Please run MGADiag again and post back the new results after you have addressed the issue.

Jack Fischer

2010-11-23, 06:29

Okay, Office 2003 removed and here's the diag file:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 55277-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.17.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x800b0003]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x800b0003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1ADDB1BF-7C41-47ED-AE8E-11FA6D83E63A}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1078081533-688789844-1801674531</SID><SYSTEM><Manufacturer>Dell Computer Corporation </Manufacturer><Model>DIM4400 </Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="3"/><Date>20020108000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>14E03EAF0184C06E</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1E840:Dell Inc|112F5:Dell Inc|112F5:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

What's next? I assume we're still in the diagnosing stage. We're still having the redirect problem.

Thanks!

jack

Jack&Jill

2010-11-23, 08:35

Hello Jack :),

What's next? I assume we're still in the diagnosing stage. We're still having the redirect problem. Yes, you are right. I need you to address Office issue before I can continue. Thanks for adhering to our rules.

--------------------

The Rookit Unhooker log that you posted earlier is incomplete due to you saving the Quick Report while it was scanning. Please run it again, read carefully the steps and follow them closely. You may need to wait a bit for the prompt to select disk for scan.

Rerun Rookit Unhooker

Start Rookit Unhooker by going to Start > All Programs >, then Rookit Unhooker LE and click on RkU.
Click the Report tab, then click Scan.
Ensure the following are checked (ticked):

Drivers
Stealth Code
Files
Code Hooks
Uncheck the rest, then click OK. An initial scan will be performed.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
Save the report somewhere you can find it. Click Close to exit.
Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

Please post back:
1. the Rookit Unhooker log

Jack Fischer

2010-11-25, 10:19

I followed your directions carefully and even let Root kit run all night to be sure it was done, but it would not let me save the report. The save report option was grayed out and I could only use the quick report option, which is what I posted last time. Is it possible that the malware prevents its proper operation? And what next? Do you have advice to save the report?

Thanks!

jack

Jack&Jill

2010-11-25, 11:22

Hello Jack :),

Please try running Rookit Unhooker in Safe Mode. You might want to print out the instructions for the Rookit Unhooker steps.

Restart in Safe Mode

Reboot your computer and tap on the F8 key repeatedly during startup.
A menu will appear. Select to start Windows in Safe Mode by using the arrow keys. Click here for tutorial on how to boot up in Safe Mode if you need help. (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61)

Please post back the result.

Jack Fischer

2010-11-26, 23:57

I think I found the problem I was having with the Rootkit Unhooker software. When it finishes scanning, it switches from the report tab to the tab that is open when you launch the software. And when you're on that tab, you can't generate the report. I switched back to the report tab and was able to save the results. See how this looks:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF76ED000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6245000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 552960 bytes (Conexant Systems, WinACHSF driver)
0xEB2C6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xEC17D000 C:\WINDOWS\System32\DRIVERS\v124nt.sys 491520 bytes (Conexant Systems, V124NT driver)
0xEB3A8000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6182000 C:\WINDOWS\system32\drivers\smwdm.sys 417792 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEB60A000 C:\WINDOWS\System32\DRIVERS\k56nt.sys 393216 bytes (Conexant Systems, K56NT driver)
0xF5976000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB48D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEC26A000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 319488 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF6315000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 299008 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xEB169000 C:\WINDOWS\System32\DRIVERS\fallback.sys 290816 bytes (Conexant Systems, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEBCC3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC239000 C:\WINDOWS\System32\DRIVERS\faxnt.sys 200704 bytes (Conexant Systems, FaxNT driver)
0xF7820000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB0B3000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76C0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB418000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEB465000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF621F000 C:\WINDOWS\System32\DRIVERS\AmosNt.SYS 155648 bytes (Conexant Systems, AmosNT driver)
0xEB382000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB98A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF615E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF62DD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB35F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF61E8000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB443000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF77A3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEB341000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xEB14C000 C:\WINDOWS\System32\DRIVERS\fsksnt.sys 118784 bytes (Conexant Systems, FSKsNT driver)
0xF76A6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77D8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF777A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5AAD000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB28B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEB2A0000 C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys 86016 bytes
0xF77C3000 IdeChnDr.sys 86016 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xEB1FE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF620B000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6301000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB4E6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7791000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF62CC000 C:\WINDOWS\System32\DRIVERS\basic2.sys 69632 bytes (Conexant Systems, NTRksample driver)
0xEBB16000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF780F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5A9C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEB2B5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7A2F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF799F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF78CF000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A0F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEEBD6000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A4F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\rksample.sys 61440 bytes (Conexant Systems, Rksample WDM driver)
0xF427C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF51F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF42AC000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78DF000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF78AF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A6F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A5F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xEB535000 C:\WINDOWS\System32\DRIVERS\tonesnt.sys 53248 bytes (Conexant Systems, TonesNT driver)
0xF788F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEF50F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF6858000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78EF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEEBF6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF787F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6868000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6828000 C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 45056 bytes (RapidSolution Software AG, Intermediate Filter Driver)
0xF78BF000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\SOAR.SYS 45056 bytes (Conexant Systems, Soar driver)
0xF786F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF42CC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEB5A2000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF6838000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF789F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEF52F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6848000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF29C000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEB741000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79CF000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEEBE6000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C57000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF94D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF1CF000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7C4F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C77000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF602000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEF5FA000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xEF5F2000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF7AFF000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF1D7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B07000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7C6F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C67000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C5F000 C:\WINDOWS\System32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xEF1DF000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF95D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEF96D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF955000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AF7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B7F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B87000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B77000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7C47000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEF5EA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys 16384 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0xF7C83000 IdeBusDr.sys 16384 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xF7D0F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5A8C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF3723000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF766A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7662000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFCE4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEF37B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF766E000 C:\WINDOWS\System32\DRIVERS\IPFilter.sys 12288 bytes (Microsoft Corporation, Microsoft IntelliPoint)
0xEF377000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6C97000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF373F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3737000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xEB757000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D7F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D83000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DBF000 C:\WINDOWS\System32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000)
0xF7DFB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DDF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DC1000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D71000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F10000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEE623000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEA41000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7F0E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)

Jack Fischer

2010-11-27, 03:14

Here's another, more recent, that I just ran. It seems longer, so I'd study this one. --jack

First half:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF76ED000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6245000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 552960 bytes (Conexant Systems, WinACHSF driver)
0xEB2C6000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xEC17D000 C:\WINDOWS\System32\DRIVERS\v124nt.sys 491520 bytes (Conexant Systems, V124NT driver)
0xEB3A8000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6182000 C:\WINDOWS\system32\drivers\smwdm.sys 417792 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEB60A000 C:\WINDOWS\System32\DRIVERS\k56nt.sys 393216 bytes (Conexant Systems, K56NT driver)
0xF5976000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEB48D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEC26A000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvaa.dll 319488 bytes (ATI Technologies Inc., ATI RAGE 128 WindowsNT Display Driver)
0xF6315000 C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys 299008 bytes (ATI Technologies Inc., ATI RAGE 128 Miniport Driver)
0xEB169000 C:\WINDOWS\System32\DRIVERS\fallback.sys 290816 bytes (Conexant Systems, Fallback driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEBCC3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEC239000 C:\WINDOWS\System32\DRIVERS\faxnt.sys 200704 bytes (Conexant Systems, FaxNT driver)
0xF7820000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEB0B3000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76C0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEB418000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEB465000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF621F000 C:\WINDOWS\System32\DRIVERS\AmosNt.SYS 155648 bytes (Conexant Systems, AmosNT driver)
0xEB382000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEB98A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF615E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF62DD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB35F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF61E8000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB443000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF77A3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEB341000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xEB14C000 C:\WINDOWS\System32\DRIVERS\fsksnt.sys 118784 bytes (Conexant Systems, FSKsNT driver)
0xF76A6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF77D8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF777A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5AAD000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB28B000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEB2A0000 C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys 86016 bytes
0xF77C3000 IdeChnDr.sys 86016 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xEB1FE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF620B000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6301000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEB4E6000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7791000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF62CC000 C:\WINDOWS\System32\DRIVERS\basic2.sys 69632 bytes (Conexant Systems, NTRksample driver)
0xEBB16000 C:\WINDOWS\System32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF780F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5A9C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEB2B5000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7A2F000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF799F000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF78CF000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7A0F000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xEEBD6000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A4F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF79EF000 C:\WINDOWS\System32\DRIVERS\rksample.sys 61440 bytes (Conexant Systems, Rksample WDM driver)
0xF427C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEF51F000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF42AC000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78DF000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF78AF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79FF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A6F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A5F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xEB535000 C:\WINDOWS\System32\DRIVERS\tonesnt.sys 53248 bytes (Conexant Systems, TonesNT driver)
0xF788F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEF50F000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF6858000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78EF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEEBF6000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF787F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6868000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF6828000 C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 45056 bytes (RapidSolution Software AG, Intermediate Filter Driver)
0xF78BF000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xF79DF000 C:\WINDOWS\System32\DRIVERS\SOAR.SYS 45056 bytes (Conexant Systems, Soar driver)
0xF786F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF42CC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEB5A2000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF6838000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF789F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEF52F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6848000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEF29C000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEB741000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79CF000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEEBE6000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C57000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xEF94D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF1CF000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7C4F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7C77000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xEF602000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xEF5FA000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xEF5F2000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 28672 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xF7AFF000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF7AEF000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xEF1D7000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B07000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7C6F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7C67000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7C5F000 C:\WINDOWS\System32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xEF1DF000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7B0F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEF95D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEF96D000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xEF955000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AF7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B7F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B87000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B77000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7C47000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEF5EA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF765E000 C:\WINDOWS\system32\DRIVERS\ArcSoftVirtualCapture.sys 16384 bytes (ArcSoft, Inc., ArcSoft Magic-i Driver)
0xF7C83000 IdeBusDr.sys 16384 bytes (Intel Corporation, Intel Ultra ATA Storage Driver)
0xF7D0F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5A8C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF3723000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF766A000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7662000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFCE4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEF37B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF766E000 C:\WINDOWS\System32\DRIVERS\IPFilter.sys 12288 bytes (Microsoft Corporation, Microsoft IntelliPoint)
0xEF377000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6C97000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF373F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF3737000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xEB757000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D7F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D83000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DBF000 C:\WINDOWS\System32\DRIVERS\msikbd2k.sys 8192 bytes (Netropa Corporation, Multimedia Keyboard Driver for Windows 2000)
0xF7DFB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7DDF000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DC1000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D71000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F10000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEE623000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEEA41000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7F0E000 C:\WINDOWS\system32\drivers\SENSUPGD.SYS 4096 bytes (Sensaura Ltd, Sensaura Upgrade)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Config.Msi
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat(2)
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL Downloads\updateni_setup90
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\AOL Spyware Protection
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\OptScan
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\toaster\aol.activeupdate
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\toaster\aol.aspApp
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 3.525.26.13
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.1.13
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Mobile Device Support 2.1.2.7
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\AppleApplicationSupport 1.1.0
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\ArcSoft
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\CanonBJ
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Citrix
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Google
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Google Updater
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\GTek
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\10696
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Cache\Qps
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\0647a1f9a55c283c5bf2cbdd01f1
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\WIA
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\MSN6
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m32s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m40s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-20-2009-19h40m47s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\03-21-2009-09h45m48s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m28s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m31s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-19-2009-07h59m33s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\08-20-2009-08h30m07s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m09s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m11s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\11-10-2008-17h29m19s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-10-2008-20h46m10s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-08h15m58s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-08h16m33s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m21s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m39s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h01m47s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m17s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m26s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\NortonInstaller\Logs\12-14-2008-09h04m32s
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\00000082
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Pure Networks
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\EncodingBackend
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\StandardProfiles\Restrictions
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\RapidSolution\Tunebite_2009\UserProfiles
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sun
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86
!-->[Hidden] C:\Documents and Settings\All Users\Documents\D-Link docs
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\My Playlists
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists
!-->[Hidden] C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists
!-->[Hidden] C:\Documents and Settings\All Users\DRM\Cache
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Studio
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Magic-i 3
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft WebCam Companion 2
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Avery Products
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Avira
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP1800 series
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Chessmaster 9000
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\FreshDevices
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Google Updater
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\iPod
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\NStorm
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Real Estate Transaction Viewer
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Safari
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Shutterfly
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\ubi.com
!-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
!-->[Hidden] C:\Documents and Settings\BB443B11-7D12-450c-9F85-2D32804655F9
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\.limewire\themes\classic_theme
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\AdobeAUM
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Collab
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\JavaScripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Preferences
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\7.0\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Acrobat\9.0\JavaScripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\CameraRaw
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Color
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\ESD
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\FileBrowser
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\ImageReady
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop Album\3.0\browserCache
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop Album\3.0\OLS\sessions
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop\7.0\Adobe Photoshop 7.0 Settings
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings\WorkSpaces
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Plugins
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Adobe\Workflow
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\AOL
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Apple Computer\QuickTime
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft Magic-i
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft Registration
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\ArcSoft WebCam Companion
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ArcSoft\log
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Google
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\GTek
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Lavasoft
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\a.blip.tv\scripts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\a.espncdn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\aa.online-metrix.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\adsatt.espn.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espntv\2009\ESPNGuideLoader_10.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_10\ESPN_Player.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.espn.go.com\espnvideo\mpf32\prod\r_3_2_0_13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\assets.newsinc.com\[[IMPORT]]
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cache.vindicosuite.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn-akm.vmixcore.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn-video.adconion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn.abclocal.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn.gourmandia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\d1.scribdassets.com\ScribdViewer.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\galleries.payserve.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\#gametracker
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\flash
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\grfx.cstv.com\[[IMPORT]]
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\i.cdn.turner.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\images.ibsys.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\img.widgets.video.s-msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\kiks.yandex.ru
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\media1.break.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\msnbcmedia.msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pfiles.5min.com\FlexPlayers\SmartPlayer_141.swf
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\player.cdn.targetspot.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pvs.gotuit.com\4.2
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\pvs.gotuit.com\turner_si
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\secure.harryreid.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\static.awempire.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\static.foxsports.com\content\fscom\flash\2010\09\23
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\webdata2.vidz.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.analyticnet.info\analytics
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.blogtalkradio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.caforward.org
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.directorslive.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.mevio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.pornkeeper.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.stormmedia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\#SharedObjects\LLNPYYPQ\www.theonion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a.espncdn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#aa.online-metrix.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#admin.brightcove.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adsatt.espn.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.newsinc.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.vindicosuite.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-video.adconion.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.abclocal.go.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gourmandia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn2.telemetryverification.net
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d1.scribdassets.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#galleries.payserve.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#grfx.cstv.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.cdn.turner.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.ibsys.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.widgets.video.s-msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kiks.yandex.ru
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mauthstudios.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.break.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.clubpenguin.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#msnbcmedia.msn.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#my.screenname.aol.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.cdn.targetspot.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pvs.gotuit.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure.harryreid.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#webdata2.vidz.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.am600kogo.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.analyticnet.info
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.blogtalkradio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.caforward.org
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.directorslive.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.getscorecash.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mevio.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pornkeeper.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.stormmedia.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Macromedia\Shockwave Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Clip Organizer
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\CLR Security Config\v2.0.50727.42
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Excel
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Forms
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Office\Actors
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Speech\Files\UserLexicons
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Microsoft\Templates\Avery
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Move Networks\QMCache00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Move Networks\temp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\MozillaControl\profiles\MozillaControl\6yqfsoyv.slt
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\MSN6
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\Msg
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\DRM
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\ErrorLogs
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\library
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Real\RealOne Player\skins\data
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Skype\Content
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Skype\jack.fischer321\chatsync\c8
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\jre1.6.0_11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\jre1.6.0_14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Talkback
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}\chrome
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}\defaults
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\Mail\Local Folders\Piezography.sbd
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird\Profiles\dbgu6lan.default\minidumps
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\vlc
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Application Data\You've Got Pictures Screensaver\PictureDir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\antique bottle
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\AOL Saved PFC
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Downloads
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\image0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Unused Desktop Shortcuts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Desktop\Win32
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Adobe Studio
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Microsoft Websites
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Favorites\Real Estate
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Acrobat\7.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Acrobat\9.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Fonts
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Reader 9.1
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\TypeSpt
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Adobe\Updater6
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\01\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\02\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\03\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\02
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\09
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\05\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\06\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\09
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\07\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\08\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\07
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\09\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\05
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\08
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\10\14
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\02
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\03
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\06
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\14\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\04
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\11
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Apple Computer\QuickTime\downloads\15\13
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\ArcSoft
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Citrix
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Google\Google Desktop\b277f1ec2a0f\icons
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Google\Google Desktop\b277f1ec2a0f\safeweb
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Graboid
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Graboid_Inc
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Learn2.com
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Feeds
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Feeds Cache
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Internet Explorer\Services
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Media Player
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\OFFICE\12.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Live OneCare safety scanner\BackUp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Media\10.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Microsoft\Windows Media\11.0
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\Cache\FCCC8CF8d01
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\RapidSolution\Tunebite_2009\Log\EncodingBackend
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\RapidSolution\Tunebite_2009\Log\EncodingProfiles
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\WMTools Downloaded Files
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\History\History.IE5\MSHist012010110120101108
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\183.tmp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\7.dir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\A.dir
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\MFPrint_PCL5c_3812
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-10
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-12
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-15
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-20
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-21
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-22
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-23
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-24
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\plugtmp-9
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER08d2.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER0c1f.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\WER2e2f.dir00
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Local Settings\Temp\~nsu.tmp
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My

Jack Fischer

2010-11-27, 03:15

Second half:

Documents\AdobeStockPhotos
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Art
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\BirthdayCandlesMain
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Chessmaster 9000
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\download
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\filelib
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Downloads
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Google Gadgets
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\My Pictures\Adobe
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\sculpture
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Updater
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\vim
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\WebCam Albums
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\WebCam Media
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1986
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1987
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1988
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1989
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1990
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1991
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1992
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1993
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1994
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1995
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1996
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1997
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1998
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\1999
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2000
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2001
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2002
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2003
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2004
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2005
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\2006
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\All Mercury News stories\Jack
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Books
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Mailing labels
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Paul estate business
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\My Documents\Words\Rental properties
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\c on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\My Documents on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\NetHood\SharedDocs on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\PrivacIE
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\c on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\john's docs on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\My Documents on Dell
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\temp on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Recent\temp on 1.7 GHz Celeron, 256 MB DDR, 60GB (Johns) (2)
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\Accessories\System Tools
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\Jack
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\QuadToneRIP
!-->[Hidden] C:\Documents and Settings\Joycellen Floyd\Start Menu\Programs\REAP LITE
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Microsoft\HTML Help
!-->[Hidden] C:\Documents and Settings\LocalService\Application Data\Symantec
!-->[Hidden] C:\Documents and Settings\LocalService\Desktop
!-->[Hidden] C:\Documents and Settings\LocalService\IETldCache
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
!-->[Hidden] C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\LocalService\My Documents
!-->[Hidden] C:\Documents and Settings\NetworkService\IETldCache
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Silverlight
!-->[Hidden] C:\epson
!-->[Hidden] C:\Graphs
!-->[Hidden] C:\hegames
!-->[Hidden] C:\My Downloads\grc
!-->[Hidden] C:\Netgear
!-->[Hidden] C:\Program Files\3DGroove
!-->[Hidden] C:\Program Files\Actiontec
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\ActiveX
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Esl
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Help
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Reader
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Resource
!-->[Hidden] C:\Program Files\Adobe\Acrobat 7.0\Update
!-->[Hidden] C:\Program Files\Adobe\Adobe Stock Photos\Help
!-->[Hidden] C:\Program Files\Adobe\Adobe Stock Photos\Resources\da_DK
!-->[Hidden] C:\Program Files\Adobe\Adobe Studio
!-->[Hidden] C:\Program Files\Adobe\Photoshop 7.0
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Browser
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\IDTemplates
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Javascripts
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Legal
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Optional
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\AcroForm
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annotations
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Reader\Tracker
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\CMap
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\Font
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\SaslPrep
!-->[Hidden] C:\Program Files\Adobe\Reader 9.0\Resource\TypeSupport
!-->[Hidden] C:\Program Files\AIM
!-->[Hidden] C:\Program Files\Amazon
!-->[Hidden] C:\Program Files\Apple Software Update\plugins
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources
!-->[Hidden] C:\Program Files\ArcSoft\Magic-i 3
!-->[Hidden] C:\Program Files\Audible\Bin\HTML
!-->[Hidden] C:\Program Files\Avery Wizard
!-->[Hidden] C:\Program Files\Avira\AntiVir Desktop\EVENTDB
!-->[Hidden] C:\Program Files\Avira\AntiVir Desktop\FAILSAFE
!-->[Hidden] C:\Program Files\CanonBJ
!-->[Hidden] C:\Program Files\CASIO
!-->[Hidden] C:\Program Files\Citrix\GoToAssist
!-->[Hidden] C:\Program Files\Citrix\icaweb32
!-->[Hidden] C:\Program Files\Common Files\Adobe\Calibration
!-->[Hidden] C:\Program Files\Common Files\Adobe\Color\Profiles
!-->[Hidden] C:\Program Files\Common Files\Adobe\Color\Settings
!-->[Hidden] C:\Program Files\Common Files\Adobe\Fonts
!-->[Hidden] C:\Program Files\Common Files\Adobe\Legal
!-->[Hidden] C:\Program Files\Common Files\Adobe\PDFL
!-->[Hidden] C:\Program Files\Common Files\Adobe\TypeSpt\Unicode
!-->[Hidden] C:\Program Files\Common Files\Adobe\Updater6
!-->[Hidden] C:\Program Files\Common Files\Adobe\Web
!-->[Hidden] C:\Program Files\Common Files\Adobe\Workflow
!-->[Hidden] C:\Program Files\Common Files\AOL\AOL Spyware Protection
!-->[Hidden] C:\Program Files\Common Files\AOL\Screensaver
!-->[Hidden] C:\Program Files\Common Files\AOL\System Information
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServicesUI.resources
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Bookmarks.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Calendars.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Contacts.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\MailAccounts.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\de.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\es.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\fr.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\it.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\ja.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\nb.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\nl.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices\Schemas\Notes.syncschema\Contents\Resources\pt.lproj
!-->[Hidden] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources
!-->[Hidden] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\doc
!-->[Hidden] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\UI
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Driver\9
!-->[Hidden] C:\Program Files\Common Files\InstallShield\Professional
!-->[Hidden] C:\Program Files\Common Files\Java
!-->[Hidden] C:\Program Files\Common Files\Logitech
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1025
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1028
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1031
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1036
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1040
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1041
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\1042
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\2052
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\DW\3082
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\OFFICE12
!-->[Hidden] C:\Program Files\Common Files\Microsoft Shared\VC
!-->[Hidden] C:\Program Files\Common Files\Nullsoft\ActiveX\2.0
!-->[Hidden] C:\Program Files\Common Files\PC Tools
!-->[Hidden] C:\Program Files\Common Files\PocketSoft
!-->[Hidden] C:\Program Files\Common Files\Real\GToolbar
!-->[Hidden] C:\Program Files\Common Files\xing shared
!-->[Hidden] C:\Program Files\CONEXANT
!-->[Hidden] C:\Program Files\DivX
!-->[Hidden] C:\Program Files\DS_Dual3\EasyScan\Progress
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\Calibration
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\EasyScan
!-->[Hidden] C:\Program Files\DS_Dual3\Prefs\standard
!-->[Hidden] C:\Program Files\EPSON Software
!-->[Hidden] C:\Program Files\EPSON\EPSON CardMonitor
!-->[Hidden] C:\Program Files\EPSON\EPSON PictureMate
!-->[Hidden] C:\Program Files\EPSON\guide
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\PMATE
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\SC60
!-->[Hidden] C:\Program Files\EPSON\PrinterDriverTemp\SP1280
!-->[Hidden] C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\FreshDevices
!-->[Hidden] C:\Program Files\GameSpy Arcade
!-->[Hidden] C:\Program Files\Google\Chrome
!-->[Hidden] C:\Program Files\Google\Common
!-->[Hidden] C:\Program Files\Google\CrashReports
!-->[Hidden] C:\Program Files\Google\Google Desktop Search
!-->[Hidden] C:\Program Files\Google\Google Toolbar
!-->[Hidden] C:\Program Files\Google\Google Updater
!-->[Hidden] C:\Program Files\Google\GoogleToolbarNotifier
!-->[Hidden] C:\Program Files\Google\Update
!-->[Hidden] C:\Program Files\Griffin Technology
!-->[Hidden] C:\Program Files\HarvEX
!-->[Hidden] C:\Program Files\Hewlett-Packard
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{146ED22B-BC11-4017-BBE8-E393848AA92A}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{3CB41017-F5CA-4C56-934C-ED02156251E6}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{B9987754-9A14-4B61-ABB3-73A79503238D}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{DB978C71-BB58-4F94-AE95-18C119196937}
!-->[Hidden] C:\Program Files\InstallShield Installation Information\{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}
!-->[Hidden] C:\Program Files\Internet Explorer\en-US
!-->[Hidden] C:\Program Files\iPod\iPod for Windows User guide
!-->[Hidden] C:\Program Files\iPod\Updater_2.0.1
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\fi.lproj\WelcomeWindow.nib
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\fr.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\it.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ja.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ko.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\nb.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\nl.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pl.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pt.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\ru.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\sv.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\iTunes\iTunesHelper.Resources
!-->[Hidden] C:\Program Files\iTunes\iTunesMiniPlayer.Resources
!-->[Hidden] C:\Program Files\iTunes\Mozilla Plugins
!-->[Hidden] C:\Program Files\KODAK
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\InitData
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3e36
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3e54
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3ef0
!-->[Hidden] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Joycellen Floyd\Data\57b6\a9a3f17
!-->[Hidden] C:\Program Files\Microsoft Games
!-->[Hidden] C:\Program Files\Microsoft Office\Office12
!-->[Hidden] C:\Program Files\Microsoft Silverlight
!-->[Hidden] C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Mozilla Firefox\dictionaries
!-->[Hidden] C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome
!-->[Hidden] C:\Program Files\Mozilla Firefox\modules
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\dictionaries
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\isp
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\modules
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\res\fonts
!-->[Hidden] C:\Program Files\Mozilla Thunderbird\res\html
!-->[Hidden] C:\Program Files\MSECache
!-->[Hidden] C:\Program Files\MsnMusic
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\install
!-->[Hidden] C:\Program Files\MSN\MSNCoreFiles\oobe
!-->[Hidden] C:\Program Files\MSXML 4.0
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\CDArt
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Plugins\Portables\Apple_2
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Skins\Apple iPod
!-->[Hidden] C:\Program Files\MusicMatch\MusicMatch Jukebox\Skins\Phoenix
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB.tmp
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\Images
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\sonic
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB\WMFDist9_5
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\MMJB_\partitions
!-->[Hidden] C:\Program Files\MusicMatch\MUSICMATCH Update\UPSELL\.castanet
!-->[Hidden] C:\Program Files\Nstorm
!-->[Hidden] C:\Program Files\PixiePack Codec Pack
!-->[Hidden] C:\Program Files\PopCap Games
!-->[Hidden] C:\Program Files\Pure Networks
!-->[Hidden] C:\Program Files\QuadToneRIP\icc
!-->[Hidden] C:\Program Files\QuadToneRIP\Profiles
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9500-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9600
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9600-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad980
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9800-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\Quad9880
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadEX
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800-3MK
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR1800-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR200-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR200-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR220-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR220-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR2400
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR2400-K7
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR260
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR260-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR280
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR280-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR300-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR300-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR320-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR320-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR340-GQ
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR340-K6
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR380
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR380-MIS
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800-3MK
!-->[Hidden] C:\Program Files\QuadToneRIP\QuadTone\QuadR800-K7
!-->[Hidden] C:\Program Files\QuickTime\Plugins
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeVR.Resources
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources
!-->[Hidden] C:\Program Files\QuickTime\QTSystem\QuickTimeWebHelper.Resources
!-->[Hidden] C:\Program Files\Real\RealPlayer\cache_db
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Formats
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GetMedia
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\GPFeat
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Help
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\howto
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\keywords
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\library
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Login
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\mstore
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\musicguide
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\prefs
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\Radio
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\search
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\sendlink
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\web
!-->[Hidden] C:\Program Files\Real\RealPlayer\DataCache\webresources
!-->[Hidden] C:\Program Files\Real\RealPlayer\Firstrun
!-->[Hidden] C:\Program Files\Real\RealPlayer\Producer
!-->[Hidden] C:\Program Files\REAPLITE
!-->[Hidden] C:\Program Files\Safari\PubSub.resources\Framework\pt.lproj
!-->[Hidden] C:\Program Files\Safari\PubSub.resources\pt.lproj
!-->[Hidden] C:\Program Files\Safari\Safari.resources\BookmarkChooser
!-->[Hidden] C:\Program Files\Safari\Safari.resources\Help\pt.lproj
!-->[Hidden] C:\Program Files\SDHelper (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\Shutterfly
!-->[Hidden] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
!-->[Hidden] C:\Program Files\THQ
!-->[Hidden] C:\Program Files\Transaction Viewer
!-->[Hidden] C:\Program Files\TryMedia
!-->[Hidden] C:\Program Files\ubi.com
!-->[Hidden] C:\Program Files\Uninstall Information\mupdate
!-->[Hidden] C:\Program Files\Windows Live Safety Center
!-->[Hidden] C:\Program Files\Windows Media Connect 2
!-->[Hidden] C:\Program Files\Windows Media Player\Installer
!-->[Hidden] C:\Program Files\Windows Media Player\Network Sharing
!-->[Hidden] C:\Program Files\WinZip
!-->[Hidden] C:\SIERRA
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1616\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1619\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1620\snapshot
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1621
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1622
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1623
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1624
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1625
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1626
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1627\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1635
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1637
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1641
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1642\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1643
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1645
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1646
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1647\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1648
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1653
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1656
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1657\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1658
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1662
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1665\snapshot\Repository
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1666
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1667
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1668
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1669
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1670
!-->[Hidden] C:\System Volume Information\_restore{34009F4D-3D27-46D3-B070-BF2BE740FDE8}\RP1671
!-->[Hidden] C:\WINDOWS\$hf_mig$
!-->[Hidden] C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2121546$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2141007$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2158563$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2229593$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2259922$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2279986$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2296011$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2345886$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2347290$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2378111_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB2387149$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB826942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB828028$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB833987$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB839645$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840315$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840374$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB840987$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841356$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841533$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB841873$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB842773$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873333_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873339_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB873376$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885492$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885835_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB885836_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB888113_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB888302_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890046_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB890859_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB891781_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893086_0$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB893756_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896358_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896422_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896423_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB897715-OE6SP1-20050503.210336$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB898461$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899587_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899588_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB899591_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB900485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB901214_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB904942$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB908531$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911562$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB911567$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB912812$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB913580$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914388$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB914440$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB915865$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB916595$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917159$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB917422$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918118$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB918899$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920213$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920214$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920670$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB920683$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921398$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921503$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB921883$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922616$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB922760$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923561$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB923980$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924270$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB924667$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926239$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB926436$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927779$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB927802$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928090$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928255$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB928843$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929123$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB929969$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB930916$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931768$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB931836$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933360$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933566$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB933729$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB935840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936021$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936357$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB936782_WMP11$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB937143$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938127$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938828$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB938829$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939653$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB939683$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941568$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941569$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB941693$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942615$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942763$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB942840$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943055$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943460$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB943485$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944338$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944533$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB944653$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB945553$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946026$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB946648_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB947864$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948590$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB948881$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950749$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950759$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950759_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950762_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB950974_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951066_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951072-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951376-v2_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951698_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951748$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB951978$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952004$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952069_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952287_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB952954_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953838$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953838_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB953839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954211_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954459$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB954600$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955069$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB955839$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956390$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956391$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956572$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956744$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956803_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB956841$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957095_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB957097$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958215$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB958644_0$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB959426$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960225$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960714$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960803$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB960859$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961118$\spuninst
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961373$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB961501$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB963027$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB968537$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970238$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB970653-v3$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971557$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971633$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB971657$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973346$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973354$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973507$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973540_WM9$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973815$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB973869$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB975558_WM8$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB979687$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB981322$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982132$
!-->[Hidden] C:\WINDOWS\$NtUninstallKB982802$
!-->[Hidden] C:\WINDOWS\$NtUninstallMSCompPackV1$
!-->[Hidden] C:\WINDOWS\$NtUninstallQ327979$
!-->[Hidden] C:\WINDOWS\$NtUninstallWdf01005$
!-->[Hidden] C:\WINDOWS\$NtUninstallWMFDist11$
!-->[Hidden] C:\WINDOWS\$NtUninstallwmp11$
!-->[Hidden] C:\WINDOWS\$NtUninstallWudf01000$
!-->[Hidden] C:\WINDOWS\.file_store_32
!-->[Hidden] C:\WINDOWS\.jagex_cache_32
!-->[Hidden] C:\WINDOWS\assembly
!-->[Hidden] C:\WINDOWS\Debug\Setup
!-->[Hidden] C:\WINDOWS\Debug\WPD
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{4C797164-EDB9-458E-B3BA-3E7790D30CF5}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{8A232810-B5F1-48DD-A63D-B439D7680D94}
!-->[Hidden] C:\WINDOWS\Downloaded Installations\{918E420F-2FF7-4EB4-A5C3-B02DA887D83F}
!-->[Hidden] C:\WINDOWS\EPSON CardMonitor Essential
!-->[Hidden] C:\WINDOWS\ie8
!-->[Hidden] C:\WINDOWS\ie8updates
!-->[Hidden] C:\WINDOWS\inf\IEM
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
!-->[Hidden] C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3
!-->[Hidden] C:\WINDOWS\Installer\tsclientmsitrans
!-->[Hidden] C:\WINDOWS\Installer\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
!-->[Hidden] C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
!-->[Hidden] C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
!-->[Hidden] C:\WINDOWS\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}
!-->[Hidden] C:\WINDOWS\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
!-->[Hidden] C:\WINDOWS\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
!-->[Hidden] C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}
!-->[Hidden] C:\WINDOWS\Installer\{B9987754-9A14-4B61-ABB3-73A79503238D}
!-->[Hidden] C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}
!-->[Hidden] C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
!-->[Hidden] C:\WINDOWS\Installer\{E7004147-2CCA-431C-AA05-2AB166B9785D}
!-->[Hidden] C:\WINDOWS\Installer\{EAC1077D-EB12-4515-B8B1-2E55AA026D3E}
!-->[Hidden] C:\WINDOWS\Installer\{EAE92D24-1E4B-4B3B-894D-622E942939DA}
!-->[Hidden] C:\WINDOWS\Installer\{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
!-->[Hidden] C:\WINDOWS\Installer\{F958CA02-BB40-4007-894B-258729456EE4}
!-->[Hidden] C:\WINDOWS\Installer\{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4}
!-->[Hidden] C:\WINDOWS\l2schemas
!-->[Hidden] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
!-->[Hidden] C:\WINDOWS\Minidump
!-->[Hidden] C:\WINDOWS\network diagnostic
!-->[Hidden] C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps
!-->[Hidden] C:\WINDOWS\PCHEALTH\HELPCTR\Config\News
!-->[Hidden] C:\WINDOWS\Performance\WinSAT
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CAC24AF7-5447-4F19-9FA6-F6E6E69D395E}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}
!-->[Hidden] C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$
!-->[Hidden] C:\WINDOWS\ServicePackFiles\ServicePackCache
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\AuthCabs\Redir
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\0facce6115ab861022eae3087e064a2a
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\398f0c45cd46f045925de8cfce3ac8c4
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\8a4341850daecfe5fcade73622025bbf
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\94076d2dfaa176bbb2083a92af29814c
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\backup
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp1qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp2gdr
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\sp2qfe
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\c9057d3faf4a326a2fefff7bde9fec31\update
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\d0cba3879be069dcb3baf4851afcf42d
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\Download\f393f65782d41e425cfd1141aa65e1b5
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
!-->[Hidden] C:\WINDOWS\Sun
!-->[Hidden] C:\WINDOWS\SxsCaPendDel
!-->[Hidden] C:\WINDOWS\system32\bits
!-->[Hidden] C:\WINDOWS\system32\CanonIJ Uninstaller Information
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache
!-->[Hidden] C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
!-->[Hidden] C:\WINDOWS\system32\drivers\UMDF
!-->[Hidden] C:\WINDOWS\system32\DRVSTORE
!-->[Hidden] C:\WINDOWS\system32\en
!-->[Hidden] C:\WINDOWS\system32\en-US
!-->[Hidden] C:\WINDOWS\system32\LogFiles\WUDF
!-->[Hidden] C:\WINDOWS\system32\Macromed
!-->[Hidden] C:\WINDOWS\system32\Microsoft\Crypto
!-->[Hidden] C:\WINDOWS\system32\PreInstall
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0004
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0005
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0006
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0007
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0008
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0009
!-->[Hidden] C:\WINDOWS\system32\ReinstallBackups\0010
!-->[Hidden] C:\WINDOWS\system32\Resource
!-->[Hidden] C:\WINDOWS\system32\scripting
!-->[Hidden] C:\WINDOWS\system32\SoftwareDistribution
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\canonip1800_series47d4
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\epsonpicturemateda58
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_1243d9
!-->[Hidden] C:\WINDOWS\system32\spool\drivers\WIN40
!-->[Hidden] C:\WINDOWS\temp\Cookies
!-->[Hidden] C:\WINDOWS\temp\CR_11.tmp
!-->[Hidden] C:\WINDOWS\temp\CR_19.tmp
!-->[Hidden] C:\WINDOWS\temp\CR_248.tmp
!-->[Hidden] C:\WINDOWS\temp\History
!-->[Hidden] C:\WINDOWS\temp\Temporary Internet Files
!-->[Hidden] C:\WINDOWS\WBEM
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_x-ww_527a1c68
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_x-ww_caeee150
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_x-ww_0f75c32e
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_x-ww_7d81c9f9
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_x-ww_9e7eb501
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_x-ww_037be232
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_x-ww_9b2f5ded
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_x-ww_b8438ace
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_x-ww_4ee8bb30
!-->[Hidden] C:\WINDOWS\WinSxS\Policies\x86_policy.9.0.Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_x-ww_6ad67377
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1579_x-ww_7bbf8d08
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1643_x-ww_7c3a9bc6
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c
!-->[Hidden] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\20070530.020
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\tmp5a02.tmp
!-->[Hidden] C:\_OTM\MovedFiles\06052010_174150\C_Program Files\Common Files\Symantec Shared\VirusDefs\tmp60f8.tmp
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1488]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1604]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1604]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1604]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1604]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1604]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1604]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1604]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3904]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[436]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x0101B0A0-->00000000 [unknown_code_page]
[436]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0101B0A4-->00000000 [unknown_code_page]

Jack&Jill

2010-11-27, 17:39

Hello Jack :),

Check some files with OTL

Double click on OTL.exe to run it.
Make sure all the None options is checked (ticked). There are eight of them.
Copy and paste the following into the white box under Custom Scans/Fixes:

%systemroot%\system32\*.dll /lockedfiles
C:\WINDOWS\system32\DRIVERS\avgntflt.sys /md5
C:\WINDOWS\system32\drivers\wdmaud.sys /md5
C:\WINDOWS\System32\Drivers\IdeChnDr.sys /md5
Click on Run Scan at the top left hand corner. This might take a while.
When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

The Rootkit Unhooker log is not yielding the result I need. Please try GMER in Safe Mode. I will repeat the steps here. I have to be sure what we are dealing with to plan my approach and reduce the risk of any unforeseen circumstances.

Rerun GMER in Safe Mode

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Enable back your security softwares as soon as you completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

--------------------

Does the redirect happen when you use both Firefox and Internet Explorer? Or only specific one browser?

--------------------

Please post back:
1. OTL result
2. GMER log
3. the answer to my question about the redirect

Jack Fischer

2010-11-27, 22:24

Hi. OTL ran fine with your code pasted in, but I was not able to get GMER to run after multiple tries. I disabled Spybot, Avira and Malwarebyte and started in safe mode, but when I double clicked it to launch the GMER software it began to scan immediately without giving the the GUI interface or letting me uncheck any boxes. And then it crashed and gave me a blue screen that said:

A problem was detected and windows was shut down to prevent damage.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Technical info:

stop:0x000000D1 (0x3F3F3F, 0x00000002,0x00000000,0xF77c33ce)
IdeChnDr.Sys-Address F77C33CE base at F77C3000,DateStamp 3bd89c65

Beginning dump of physical memory...

Here's the text from OTL:

OTL logfile created on: 11/27/2010 12:14:44 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.75 Gb Free Space | 31.57% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/09/09 21:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

< C:\WINDOWS\system32\DRIVERS\avgntflt.sys /md5 >
[2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) MD5=47B879406246FFDCED59E18D331A0E7D -- C:\WINDOWS\system32\drivers\avgntflt.sys

< C:\WINDOWS\system32\drivers\wdmaud.sys /md5 >
[2008/04/13 11:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) MD5=6768ACF64B18196494413695F0C3A00F -- C:\WINDOWS\system32\drivers\wdmaud.sys

< C:\WINDOWS\System32\Drivers\IdeChnDr.sys /md5 >
[2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) MD5=B5E01B50B08B440018F437AEBED0BCCF -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< End of report >

Jack&Jill

2010-11-28, 08:06

Jack Fischer

2010-11-30, 04:06

Here's the result of the Virus total scans:

1)

Inbox
Virus Total
Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
avgntflt.sys
Submission date:
2010-11-30 02:27:07 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.00 2010.11.29 -
AntiVir 7.10.14.136 2010.11.29 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 -
Avast5 5.0.677.0 2010.11.29 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.29 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6896 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8007 2010.11.29 -
F-Prot 4.6.2.117 2010.11.29 -
F-Secure 9.0.16160.0 2010.11.30 -
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.29 -
K7AntiVirus 9.69.3115 2010.11.29 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.29 -
Microsoft 1.6402 2010.11.29 -
NOD32 5659 2010.11.29 -
Norman 6.06.10 2010.11.29 -
nProtect 2010-11-29.01 2010.11.29 -
Panda 10.0.2.7 2010.11.29 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.75.06.04 2010.11.30 -
Sophos 4.60.0 2010.11.29 -
SUPERAntiSpyware 4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.29 -
VIPRE 7450 2010.11.30 -
ViRobot 2010.11.29.4175 2010.11.29 -
VirusBuster 13.6.66.0 2010.11.29 -
Additional information
Show all
MD5 : 47b879406246ffdced59e18d331a0e7d
SHA1 : 839b4f08cae589f91cae2685e651926fed017706
SHA256: afe467f41eb8db905abe0478eaeb75ea16ee7b39470d56968210c191ed96418c
ssdeep: 1536:QBhB9hgPhAOoImEMuLQlstdoytJFAkNfD:6B9hoOOoDZuLQGtdoyVA2
File size : 61960 bytes
First seen: 2010-11-22 10:17:48
Last seen : 2010-11-30 02:27:07
TrID:
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Avira GmbH
copyright....: Copyright (c) 1996-2009 Avira GmbH. All rights reserved.
product......: AntiVir Workstation
description..: Avira Minifilter Driver
original name: avgntflt.sys
internal name: avgntflt.sys
file version.: 10.00.08.07
comments.....: Avira Minifilter Driver - fre_win7_x86
signers......: Avira GmbH
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 6:05 PM 11/11/2010
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1174A
timedatestamp....: 0x4CDC11C7 (Thu Nov 11 15:54:47 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x7DBA, 0x7E00, 6.44, 7831b8ed2fbc42b8186a5f8a9872fe64
NONPAGED, 0x9000, 0x15, 0x200, 0.23, 2d3d4c9db47a525fab5be72a9b38f91a
.rdata, 0xA000, 0x694, 0x800, 3.57, 5c22563829ba936fc02ccc5255583112
.data, 0xB000, 0x36E0, 0x200, 1.37, de8cbc28c7e7d6ddccf7cc2dee8206c8
PAGE, 0xF000, 0x1832, 0x1A00, 6.09, 10b17bf5d26b5ecc3d20f466b42ed3bd
INIT, 0x11000, 0x17C4, 0x1800, 5.94, 8aeae19f5bd9f9602eb6403f893652e0
.rsrc, 0x13000, 0x538, 0x600, 3.07, eef6122de9431a83a9094c5c9a138fa9
.reloc, 0x14000, 0x1000, 0x1000, 5.96, 4881fe98a2293bb46f0f7f1af8fd054a

[[ 3 import(s) ]]
ntoskrnl.exe: RtlCompareUnicodeString, ZwReadFile, memset, ZwSetInformationFile, ZwQueryInformationFile, RtlFreeUnicodeString, wcsncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, KeQuerySystemTime, RtlLengthSid, RtlValidSid, SeQueryInformationToken, IoIsSystemThread, PsGetCurrentProcessId, IoThreadToProcess, ExInitializePagedLookasideList, strncpy, MmMapLockedPagesSpecifyCache, RtlNtStatusToDosError, memmove, PsGetCurrentThreadId, ExDeletePagedLookasideList, ExDeleteResourceLite, RtlLookupElementGenericTableAvl, ObfDereferenceObject, KeBugCheckEx, IoGetTopLevelIrp, RtlInsertElementGenericTableAvl, PsRevertToSelf, SeImpersonateClientEx, KeWaitForMultipleObjects, ObReferenceObjectByHandle, PsCreateSystemThread, IoCreateSymbolicLink, IoCreateDevice, KeClearEvent, ExInitializeResourceLite, KeQueryTimeIncrement, MmGetSystemRoutineAddress, ZwWriteFile, ZwClose, IoDeleteDevice, IoDeleteSymbolicLink, KeTickCount, RtlUnwind, RtlDeleteElementGenericTableAvl, ZwOpenKey, PsSetCreateProcessNotifyRoutine, ZwQueryValueKey, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, RtlCopyUnicodeString, RtlUpcaseUnicodeString, toupper, RtlCompareMemory, RtlEnumerateGenericTableWithoutSplayingAvl, IoGetDeviceObjectPointer, IofCallDriver, IoBuildDeviceIoControlRequest, RtlGetVersion, KeNumberProcessors, SeTokenType, PsDereferencePrimaryToken, PsDereferenceImpersonationToken, memcpy, _wcsupr, ExAcquireResourceSharedLite, IoGetCurrentProcess, KeWaitForSingleObject, KeResetEvent, KeEnterCriticalRegion, ExAcquireResourceExclusiveLite, ExReleaseResourceLite, KeLeaveCriticalRegion, KeSetEvent, PsTerminateSystemThread, RtlInitUnicodeString, IoCreateSynchronizationEvent, _allmul, KeDelayExecutionThread, RtlInitializeGenericTableAvl, ExFreePoolWithTag, ExAllocatePoolWithTag, SeCreateClientSecurity, IoGetStackLimits, KeGetCurrentThread, InterlockedPushEntrySList, InterlockedPopEntrySList, IofCompleteRequest, KeInitializeEvent
HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql
FLTMGR.SYS: FltRegisterFilter, FltBuildDefaultSecurityDescriptor, FltCreateCommunicationPort, FltFreeSecurityDescriptor, FltStartFiltering, FltObjectReference, FltObjectDereference, FltCancelFileOpen, FltReferenceFileNameInformation, FltReferenceContext, FltCloseClientPort, FltCloseCommunicationPort, FltUnregisterFilter, FltDeleteContext, FltDoCompletionProcessingWhenSafe, FltGetFileNameInformation, FltParseFileNameInformation, FltSetStreamHandleContext, FltGetStreamHandleContext, FltGetInstanceContext, FltSendMessage, FltCreateFile, FltClose, FltGetVolumeProperties, FltAllocateContext, FltSetInstanceContext, FltReleaseContext, FltReleaseFileNameInformation, FltGetRoutineAddress

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Add your comment... Remember that when you write comments as an anonymous user they receive the lowest possible reputation. So if you have not signed in yet don't forget to do so. How to markup your comments?
You can add basic styles to your comments using the following accepted bbcode tags:

text -- bold
text -- italics
text -- underline
text -- strikethrough

text -- preformatted text

You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.

Goodware
Malware
Spam attachment/link

P2P download
Propagating via IM
Network worm

Drive-by-download

2)
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.00 2010.11.29 -
AntiVir 7.10.14.136 2010.11.29 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 -
Avast5 5.0.677.0 2010.11.29 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.29 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6896 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8007 2010.11.29 -
F-Prot 4.6.2.117 2010.11.29 -
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.29 -
K7AntiVirus 9.69.3115 2010.11.29 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.29 -
Microsoft 1.6402 2010.11.29 -
NOD32 5659 2010.11.29 -
Norman 6.06.10 2010.11.29 -
nProtect 2010-11-29.01 2010.11.29 -
Panda 10.0.2.7 2010.11.29 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.75.06.04 2010.11.30 -
Sophos 4.60.0 2010.11.30 -
SUPERAntiSpyware 4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.29 -
VIPRE 7450 2010.11.30 -
ViRobot 2010.11.29.4175 2010.11.29 -
VirusBuster 13.6.66.0 2010.11.29 -
Additional information
Show all
MD5 : b5e01b50b08b440018f437aebed0bccf
SHA1 : f02673d227cf6c7497ab285313fd8a93768f5cf4
SHA256: d4d478743d0590595413afe4fe5d71e7c54c72fb947200987a8b6cdcd284e0d1

3)

user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
dxtmsft.dll
Submission date:
2010-11-30 02:56:43 (UTC)
Current status:
queued (#4) queued (#4) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.00 2010.11.29 -
AntiVir 7.10.14.136 2010.11.29 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 -
Avast5 5.0.677.0 2010.11.29 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.29 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6896 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8007 2010.11.29 -
F-Prot 4.6.2.117 2010.11.29 -
F-Secure 9.0.16160.0 2010.11.30 -
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.29 -
K7AntiVirus 9.69.3115 2010.11.29 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.29 -
Microsoft 1.6402 2010.11.29 -
NOD32 5659 2010.11.29 -
Norman 6.06.10 2010.11.29 -
nProtect 2010-11-29.01 2010.11.29 -
Panda 10.0.2.7 2010.11.29 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.75.06.04 2010.11.30 -
Sophos 4.60.0 2010.11.30 -
SUPERAntiSpyware 4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.29 -
VIPRE 7450 2010.11.30 -
ViRobot 2010.11.29.4175 2010.11.29 -
VirusBuster 13.6.66.0 2010.11.29 -

4)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
dxtrans.dll
Submission date:
2010-11-30 03:00:30 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.00 2010.11.29 -
AntiVir 7.10.14.136 2010.11.29 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 -
Avast5 5.0.677.0 2010.11.29 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.29 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6896 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8007 2010.11.29 -
F-Prot 4.6.2.117 2010.11.29 -
F-Secure 9.0.16160.0 2010.11.30 -
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.29 -
K7AntiVirus 9.69.3115 2010.11.29 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.29 -
Microsoft 1.6402 2010.11.29 -
NOD32 5659 2010.11.29 -
Norman 6.06.10 2010.11.29 -
nProtect 2010-11-29.01 2010.11.29 -
Panda 10.0.2.7 2010.11.29 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.75.06.04 2010.11.30 -
Sophos 4.60.0 2010.11.30 -
SUPERAntiSpyware 4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.29 -
VIPRE 7450 2010.11.30 -
ViRobot 2010.11.29.4175 2010.11.29 -
VirusBuster 13.6.66.0 2010.11.29 -
Additional information
Show all
MD5 : 5e1a0476e009a1930a524dff4ca13982
SHA1 : e43784c51aa4a14122c5e880059c145609ddf0c2
SHA256: 02635287787412c2075f48a1bba60b2705c13f5e0d82f82c8c048ed9d8ab5f26

5)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
iepeers.dll
Submission date:
2010-11-30 03:03:14 (UTC)
Current status:
queued (#16) queued (#6) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.30.00 2010.11.29 -
AntiVir 7.10.14.136 2010.11.29 -
Antiy-AVL 2.0.3.7 2010.11.30 -
Avast 4.8.1351.0 2010.11.29 -
Avast5 5.0.677.0 2010.11.29 -
AVG 9.0.0.851 2010.11.30 -
BitDefender 7.2 2010.11.30 -
CAT-QuickHeal 11.00 2010.11.29 -
ClamAV 0.96.4.0 2010.11.30 -
Command 5.2.11.5 2010.11.30 -
Comodo 6896 2010.11.30 -
DrWeb 5.0.2.03300 2010.11.30 -
Emsisoft 5.0.0.50 2010.11.30 -
eSafe 7.0.17.0 2010.11.29 -
eTrust-Vet 36.1.8007 2010.11.29 -
F-Prot 4.6.2.117 2010.11.29 -
F-Secure 9.0.16160.0 2010.11.30 -
Fortinet 4.2.254.0 2010.11.29 -
GData 21 2010.11.30 -
Ikarus T3.1.1.90.0 2010.11.30 -
Jiangmin 13.0.900 2010.11.29 -
K7AntiVirus 9.69.3115 2010.11.29 -
Kaspersky 7.0.0.125 2010.11.29 -
McAfee 5.400.0.1158 2010.11.30 -
McAfee-GW-Edition 2010.1C 2010.11.29 -
Microsoft 1.6402 2010.11.29 -
NOD32 5659 2010.11.29 -
Norman 6.06.10 2010.11.29 -
nProtect 2010-11-29.01 2010.11.29 -
Panda 10.0.2.7 2010.11.29 -
PCTools 7.0.3.5 2010.11.30 -
Prevx 3.0 2010.11.30 -
Rising 22.76.00.01 2010.11.30 -
Sophos 4.60.0 2010.11.30 -
SUPERAntiSpyware 4.40.0.1006 2010.11.30 -
Symantec 20101.2.0.161 2010.11.29 -
TheHacker 6.7.0.1.093 2010.11.30 -
TrendMicro 9.120.0.1004 2010.11.29 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.30 -
VBA32 3.12.14.2 2010.11.29 -
VIPRE 7450 2010.11.30 -
ViRobot 2010.11.29.4175 2010.11.29 -
VirusBuster 13.6.66.0 2010.11.29 -
Additional information
Show all
MD5 : 9544f6b5812a7634747020e4a6d4d2a5
SHA1 : be22d5142a0102c29520b7b30dc24f3e2a904779
SHA256: 375d91765e08f981f12e28b254adad0bb32eecc722e767f4795aeca348378972
ssdeep: 3072:ndxZT3IHHLyyXwHDV0Lp1eIIEnE9Fuut9WQd0MlPGMUdjsnWQHS81yBI5M:/+NXwHJ0LWI
IEeHt9WuPpnWgk9
File size : 184320 bytes
First seen: 2010-10-12 17:10:16
Last seen : 2010-11-30 03:03:14
TrID:
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: Internet Explorer Peer Objects
original name: iepeers.dll
internal name: iepeers.dll
file version.: 8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1589
timedatestamp....: 0x4C89C8ED (Fri Sep 10 05:58:05 2010)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1DC38, 0x1DE00, 6.35, 184789ca29255fe79b117100e3eecc88
.data, 0x1F000, 0xCE0, 0xE00, 1.53, 1c72698ab4fc2415819a5c41d4af08d7
.rsrc, 0x20000, 0xC4D0, 0xC600, 4.71, 2dd7d48a351da7de5bda739400446f86
.reloc, 0x2D000, 0x19D8, 0x1A00, 6.59, 0b28464b56662ee60a1cdcc4fca9ab0f

[[ 13 import(s) ]]
msvcrt.dll: _adjust_fdiv, _amsg_exit, _initterm, wcstol, wcschr, _wcsicmp, free, malloc, __dllonexit, _wcsnicmp, _ltow, _purecall, _vsnwprintf, __2@YAPAXI@Z, bsearch, wcsncmp, memset, memcpy, memmove, realloc, _unlock, _lock, _onexit, _XcptFilter, _wtoi, __3@YAXPAX@Z
KERNEL32.dll: LocalAlloc, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, InitializeCriticalSectionAndSpinCount, SetLastError, FindResourceExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, SearchPathW, CreateActCtxW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, RtlUnwind, InterlockedCompareExchange, Sleep, InterlockedExchange, GetTimeFormatW, GetDateFormatW, GetLocalTime, GetProcAddress, LoadLibraryW, GetLocaleInfoW, MulDiv, GlobalUnlock, GlobalLock, LocalFree, GetDiskFreeSpaceA, WriteFile, GetSystemTimeAsFileTime, GetLastError, InterlockedDecrement, InterlockedIncrement, FileTimeToSystemTime, SystemTimeToFileTime, CompareStringW, LoadLibraryA, GetModuleFileNameA, GetFullPathNameA, SearchPathA, LoadLibraryExA, GetVersionExW, GetModuleFileNameW, lstrlenW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, lstrlenA, FreeLibrary, CreateFileW, CreateFileMappingW, CloseHandle, MapViewOfFile, UnmapViewOfFile, MultiByteToWideChar, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, GetModuleHandleW, InitializeCriticalSection, DeleteCriticalSection, HeapDestroy, DisableThreadLibraryCalls, GetUserDefaultLCID, GlobalAlloc, GlobalFree, CompareFileTime
ADVAPI32.dll: GetUserNameW, RegEnumKeyExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegQueryValueExW, RegSetValueExW, RegQueryInfoKeyW
SHLWAPI.dll: -, StrCmpW, -, PathAddBackslashW, SHRegGetValueW, StrCpyW, -, -, -, StrCmpIW, StrCpyNW, PathFindFileNameW, -, wnsprintfW, PathCombineA, PathAppendA, StrCmpNIW, StrDupW, SHGetValueW
ole32.dll: CreateBindCtx, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CLSIDFromProgID, CLSIDFromString, CreateStreamOnHGlobal
OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
GDI32.dll: EndPage, StartDocW, EndDoc, CreateICW, GetDeviceCaps, SetViewportOrgEx, AbortDoc, StartPage, DeleteDC, CreateDCW
USER32.dll: GetDesktopWindow, CharNextW, MessageBoxW, LoadStringW
urlmon.dll: FaultInIEFeature, CoInternetParseUrl, CreateUri, CoInternetCombineUrlEx, RegisterBindStatusCallback, CoInternetCreateSecurityManager
WININET.dll: CreateUrlCacheContainerA, InternetCombineUrlW, InternetQueryOptionW, InternetGetConnectedStateExW, RetrieveUrlCacheEntryStreamW, GetUrlCacheEntryInfoW, FindCloseUrlCache, FindNextUrlCacheEntryW, FindFirstUrlCacheEntryW, InternetCrackUrlW, CommitUrlCacheEntryW, CreateUrlCacheEntryW, UnlockUrlCacheEntryStream, ReadUrlCacheEntryStream, DeleteUrlCacheEntryW
SHELL32.dll: -, SHGetFolderPathA, -, -, SHGetDesktopFolder
WINSPOOL.DRV: OpenPrinterW, GetPrinterW, DocumentPropertiesW, DeviceCapabilitiesW, ClosePrinter
iertutil.dll: -, -, -, -, -

[[ 5 export(s) ]]
DllCanUnloadNow, DllEnumClassObjects, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 122368
CompanyName: Microsoft Corporation
EntryPoint: 0x1589
FileDescription: Internet Explorer Peer Objects
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 180 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 8.00.6001.18968 (longhorn_ie8_gdr.100824-1830)
FileVersionNumber: 8.0.6001.18968
ImageVersion: 6.0
InitializedDataSize: 60928
InternalName: iepeers.dll
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.0
ObjectFileType: Dynamic link library
OleSelfRegister:
OriginalFilename: iepeers.dll
PEType: PE32
ProductName: Windows Internet Explorer
ProductVersion: 8.00.6001.18968
ProductVersionNumber: 8.0.6001.18968
Subsystem: Windows GUI
SubsystemVersion: 5.1
TimeStamp: 2010:09:10 07:58:05+02:00
UninitializedDataSize: 0

VT Community

Jack&Jill

2010-11-30, 07:51

Hello Jack :),

We need to disable Spybot S&D's Teatimer real-time protection temporarily as it will interfere with the fix. Please minimize going online when your security softwares are disabled or not active.

First step:

Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:

Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.
Remember to enable it after the fix.

--------------------

Please download ComboFix© by sUBs from one of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Install Recovery Console and run ComboFix

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Enable back your security softwares as soon as you completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.

--------------------

Please post back:
1. the ComboFix log

Jack Fischer

2010-12-01, 18:32

Please don't close this thread. I was unable to work on this last night, but I'll dive in tonight.

Cheers,

jack fischer
:D::D:

Jack Fischer

2010-12-02, 06:49

Hi.

I turned off spybot and my Avira software and downloaded and ran Combofix. It installed Microsoft Windows Recovery Console but when it began to scan for malware it again crashed and gave me a blue screen with this:

A problem was detected and windows was shut down to prevent damage.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Technical info:

stop:0x000000D1 (0x3F3F3F, 0x00000002,0x00000000,0xF77c33ce)
IdeChnDr.Sys-Address F77C33CE base at F77C3000,DateStamp 3bd89c65

Beginning dump of physical memory...

What now?

Thanks very much for all your patience with this. I can't believe what a pain it is.:red:

jack

Jack&Jill

2010-12-02, 15:23

Hello Jack :),

Is there a log produced, C:\ComboFix.txt?

--------------------

The file IdeChnDr.sys is related to Intel's Application Accelerator. Is your hard drive RAID configured?

Check for RAID via Disk Management

Go to Start > Run.... Copy and paste the following text into the white box:

diskmgmt.msc
Click OK. A Disk Management window will open.
At the bottom pane under Disk 0, do you see the word Basic or Dynamic?
At the lowest portion of the window where legend of the disk type is shown, do you observe any of these five words: simple, spanned, striped, mirrored or RAID-5?
Post back the information and close the Disk Management window.

--------------------

Check IdeChnDr.sys with OTL

Double click on OTL.exe to run it.
Make sure all the None options is checked (ticked). There are eight of them.
Copy and paste the following into the white box under Custom Scans/Fixes:

/md5start
IdeChnDr.sys
/md5stop
Click on Run Scan at the top left hand corner. This might take a while.
When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

Please post back:
1. ComboFix log, if any
2. information about you hard drive and from the Disk Management
3. OTL log

Jack Fischer

2010-12-03, 00:49

Okay:

1) No log generated. It crashed pretty quickly.

2) Disk management returns the following info:

Under Disk 0 it says "basic". Under that it says 37.24Gb, online. To the right of that in a small box it says 31MB FAT. To the right Of that, in a small box it says (C:) and then 37.21GB NTFS.

I don't see any of the five words you were seeking.

3) OTL Log:

OTL logfile created on: 12/2/2010 3:29:44 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 555.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.56 Gb Free Space | 31.06% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: IDECHNDR.SYS >
[2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) MD5=B5E01B50B08B440018F437AEBED0BCCF -- C:\Program Files\Intel\Intel Application Accelerator\Driver\idechndr.sys
[2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) MD5=B5E01B50B08B440018F437AEBED0BCCF -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< End of report >

Jack

Jack&Jill

2010-12-03, 01:16

Hello Jack :),

Based on the information I see, it should be alright to try uninstalling the Intel Application Accelerator via Control Panel > Add/Remove Programs. However, just to be safe, please backup all your important data to a CD before you do that.

Do a reboot and let me know how it goes, then we will move to the next step.

Jack Fischer

2010-12-03, 07:57

Okay, intell accelerator uninstalled. When it rebooted it repeatedly gave me a message saying " windows has recovered from a serious error. Send report?" About ten times and then it stopped.

What next?

Best,

jack

Jack&Jill

2010-12-03, 11:15

Hello Jack :),

Reset paging file

Go to Start, then right click on My Computer. Select Properties. You can also do the same via the My Computer icon on the desktop.
Click on the Advanced tab, then Settings under the Performance section.
Go to the Advanced tab in this new window. Click Change under the Virtual Memory section.
Take note which is the original setting; Custom size or System managed size. If it is the former, write down the figures in the two white boxes.
Select No paging file and press Set. You will be prompted, click Yes. OK your way out.
You will be requested to restart the computer. Please do.
Once rebooted, go to the Virtual Memory section again and put back the original setting, press Set, and finally OK your way out.

Did this clear off the error message in your next reboot?

--------------------

Please run ComboFix and post back the result.

--------------------

Please post back:
1. any more error message?
2. ComboFix log

Jack Fischer

2010-12-04, 06:38

The error messages were gone when I rebooted after changing the settings as suggested. :thanks:

Combofix ran this time. Here is the log:

ComboFix 10-12-03.01 - Joycellen Floyd 12/03/2010 21:15:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.588 [GMT -8:00]
Running from: c:\documents and settings\Joycellen Floyd\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Joycellen Floyd\Favorites\biointensive gardening supplies, seeds, garden tools, books, Bountiful Gardens, growbiointensive.ur
c:\documents and settings\Joycellen Floyd\Recent\energy.tmp
c:\documents and settings\Joycellen Floyd\Recent\FS.tmp
c:\documents and settings\Joycellen Floyd\Recent\kernel32.tmp
C:\Thumbs.db
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\patch.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-11-27 20:38 . 2010-11-27 20:38 -------- d-----w- c:\documents and settings\Joycellen Floyd\Application Data\Avira
2010-11-20 19:13 . 2010-11-20 19:13 -------- d-----w- c:\program files\7-Zip
2010-11-20 07:38 . 2010-11-20 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-11-06 19:37 . 2010-11-06 19:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 19:37 . 2010-11-06 19:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-06 01:18 . 2010-11-06 01:18 -------- d-----w- c:\program files\Common Files\SWiSHzone.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 02:18 . 2009-06-10 05:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-07-14 05:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2010-07-14 05:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2005-06-18 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-01-08 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-01-08 16:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-23 05:28 . 2006-04-29 06:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 9:28 PM 135336]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1/4/2004 10:43 PM 28672]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [1/4/2004 10:43 PM 6942]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [3/4/2010 4:13 PM 31848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 11:24 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/28/2006 10:46 PM 30192]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [3/4/2010 4:13 PM 31848]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 03:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-09 01:48]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 07:24]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} - hxxp://haserv1.liveglobalbid.com/lgbmpr.cab
FF - ProfilePath - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: c:\documents and settings\Joycellen Floyd\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Joycellen Floyd\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Joycellen Floyd\Application Data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1136874479\ee\AOLSoftware.exe
MSConfigStartUp-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\docume~1\JOYCEL~1\LOCALS~1\Temp\7zOD7.tmp\MustBeRandomlyNamed\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ArcSoft\Magic-i 3\uMgiSvr.exe
c:\program files\Netropa\OSD.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Skype\Phone\Skype.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\locator.exe
.
**************************************************************************
.
Completion time: 2010-12-03 21:35:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-04 05:35

Pre-Run: 12,674,293,760 bytes free
Post-Run: 12,791,783,424 bytes free

- - End Of File - - 024818BB221DE4DBB1D08E068E601985

What's next?

Best,

jack

Jack&Jill

2010-12-05, 09:16

Hello Jack :),

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Does the redirect happen when you use both Firefox and Internet Explorer? Or only specific one browser? You missed this question earlier. Is the redirect still happening?

--------------------

Please post back:
1. the ESET online scan result
2. the answer to my question about the redirect

Jack Fischer

2010-12-06, 05:14

Here's the scan results from ESET. It found 13 threats.

C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\18\66ebb892-36f79909 a variant of Java/Rowindal.A trojan
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\2\72e3a02-3b65c4e5 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\26\2fe9a31a-6f441726 multiple threats
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\218affdd-22b23cb5 a variant of Java/Rowindal.A trojan
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\5363d3dd-36bf6409 multiple threats
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-369b161c multiple threats
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\48\6eeafe70-562fa418 probably a variant of Win32/Agent.FXHNPDJ trojan
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\5\232ff0c5-79650f5d multiple threats
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\50\555c00b2-5e2c97cd a variant of Java/Rowindal.A trojan
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\56\64916bb8-60247aaa multiple threats
C:\Documents and Settings\Joycellen Floyd\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application

What now?

Jack&Jill

2010-12-06, 06:49

Hello Jack :),

Does the redirect happen when you use both Firefox and Internet Explorer? Or only specific one browser? You missed this question earlier. Is the redirect still happening? This is the second time you miss my questions. Please read my instructions slowly and carefully. If you do not provide such information, I will not be able to help you. Please provide them. Thanks.

--------------------

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

--------------------

Please post back:
1. the answer to my questions
2. old MBAM report

Jack Fischer

2010-12-06, 07:06

The redirect happens with both browsers.

The redirect was still happening earlier today. I have not seen it in the past half hour or so since I ran ESET, but sometimes it takes longer than that to open another window. I can tell you with more certainty in a day or so.

Here's the most recent log from malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5118

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2010 12:05:00 AM
mbam-log-2010-11-15 (00-05-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 219836
Time elapsed: 1 hour(s), 25 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Note that it showed no malicous items even though ESET found several.

What about the results from ESET? It showed 13 threats. :confused:

Best,

jack

Jack&Jill

2010-12-06, 10:03

Hello Jack :),

The redirect happens with both browsers.
The redirect was still happening earlier today. I have not seen it in the past half hour or so since I ran ESET, but sometimes it takes longer than that to open another window. I can tell you with more certainty in a day or so. I need more details and symptoms. Does it happen when you click on a link? What sites does it go to? Please use such method to state the websites: badsite[dot]com.

Note that it showed no malicous items even though ESET found several.
What about the results from ESET? It showed 13 threats. We will deal with them in due course. One of them is a false positive and will be excluded from our fix. Infections nowadays are getting tougher, so sometimes identifying them may need some extra efforts. It would be good to know what we are up against before making any further moves because such enthusiasm may result in an unbootable machine. Hope you will be patient.

--------------------

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:

File::
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\18\66ebb892-36f79909
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\2\72e3a02-3b65c4e5
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\26\2fe9a31a-6f441726
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\218affdd-22b23cb5
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\5363d3dd-36bf6409
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-369b161c
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\48\6eeafe70-562fa418
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\5\232ff0c5-79650f5d
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\50\555c00b2-5e2c97cd
C:\Documents and Settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\56\64916bb8-60247aaa
C:\Documents and Settings\Joycellen Floyd\My Documents\Downloads\registrybooster.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe

FileLook::
c:\windows\System32\locator.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

Firefox::
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

http://i582.photobucket.com/albums/ss269/Cat_Byte/images/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Enable back your security softwares as soon as you completed the ComboFix steps.

--------------------

I want you to update MBAM and run a scan.

Open MBAM and click on the Update tab, then Check for Updates.
When completed, go to back to the Scanner tab and select Perform full scan. Click Scan.
Leave the default options as it is and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Some of the previous scans I asked you to run were not successful due BSODs, thus we will need to try running some of them again. This means you will be running a series of tools to post back the logs. Let start with DDS. Please rerun DDS and post back the logs (DDS.txt and Attach.txt).

--------------------

Rerun OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Rerun GMER

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
In the right panel, you will see several boxes that have been checked (ticked).
Uncheck IAT/EAT
Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
Uncheck Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Enable back your security softwares as soon as you completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

--------------------

Please post back:
1. more information about the redirect
2. ComboFix log
3. new MBAM report
4. new DDS logs (DDS.txt and Attach.txt)
5. OTL log (OTL.txt only)
6. GMER result

Jack Fischer

2010-12-07, 08:13

Hi Jack and/or Jill. :D:

It does, indeed happen when I click on a link, but no always and there is no pattern I can see as to when it happens. It usually seems to take me to a site that says the computer is infected with viruses and asking if I want to do something about it. I don't have the URL now, but will save and send one as soon as I get it. The malware also randomly throws open new windows. Sometimes these go to legitimate seeming sites, like Lycos. Other times commercial sites. One I recall that came up repeatedly for a while was for China TV. Still other times the site fails to load.

I will save and send some specific bad sites as soon as I get more.

Here is the new log from combofix:

ComboFix 10-12-04.06 - Joycellen Floyd 12/06/2010 17:50:26.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.573 [GMT -8:00]
Running from: c:\documents and settings\Joycellen Floyd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joycellen Floyd\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\18\66ebb892-36f79909"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\2\72e3a02-3b65c4e5"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\26\2fe9a31a-6f441726"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\218affdd-22b23cb5"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\5363d3dd-36bf6409"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-369b161c"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\48\6eeafe70-562fa418"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\5\232ff0c5-79650f5d"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\50\555c00b2-5e2c97cd"
"c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\56\64916bb8-60247aaa"
"c:\documents and settings\Joycellen Floyd\My Documents\Downloads\registrybooster.exe"
"c:\program files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\18\66ebb892-36f79909
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\2\72e3a02-3b65c4e5
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\26\2fe9a31a-6f441726
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\218affdd-22b23cb5
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\29\5363d3dd-36bf6409
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\31\f29bcdf-369b161c
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\48\6eeafe70-562fa418
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\5\232ff0c5-79650f5d
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\50\555c00b2-5e2c97cd
c:\documents and settings\Joycellen Floyd\Application Data\Sun\Java\Deployment\cache\6.0\56\64916bb8-60247aaa

.
((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-06 01:05 . 2010-12-06 01:05 -------- d-----w- c:\program files\ESET
2010-11-27 20:38 . 2010-11-27 20:38 -------- d-----w- c:\documents and settings\Joycellen Floyd\Application Data\Avira
2010-11-20 19:13 . 2010-11-20 19:13 -------- d-----w- c:\program files\7-Zip
2010-11-20 07:38 . 2010-11-20 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 02:18 . 2009-06-10 05:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50 . 2010-07-14 05:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29 . 2010-07-14 05:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2005-06-18 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-01-08 16:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-01-08 16:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-23 05:28 . 2006-04-29 06:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\System32\locator.exe ---
Company: Microsoft Corporation
File Description: Rpc Locator
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: locator.exe
File size: 75264
Created time: 2002-12-04 02:50
Modified time: 2008-04-14 00:12
MD5: AAED593F84AFA419BBAE8572AF87CF6A
SHA1: 7E2CC7D2DA54EE5D36FF5BC95972232983C076BB

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-13 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 9:28 PM 135336]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [1/4/2004 10:43 PM 6942]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [3/4/2010 4:13 PM 31848]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/27/2010 11:24 PM 135664]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1/4/2004 10:43 PM 28672]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/28/2006 10:46 PM 30192]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [3/4/2010 4:13 PM 31848]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WMIAPSRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 03:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-12-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-09 01:48]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 07:24]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} - hxxp://haserv1.liveglobalbid.com/lgbmpr.cab
FF - ProfilePath - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: c:\documents and settings\Joycellen Floyd\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Joycellen Floyd\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Joycellen Floyd\Application Data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-06 18:02:45
ComboFix-quarantined-files.txt 2010-12-07 02:02
ComboFix2.txt 2010-12-04 05:35

Pre-Run: 12,640,014,336 bytes free
Post-Run: 12,621,516,800 bytes free

- - End Of File - - 17827C9C4D02B3770870499D16DB86DB

That was pretty long so I'll open a new reply for the rest.

Jack Fischer

2010-12-07, 08:20

Here's the new log for MBAM:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5259

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2010 8:29:05 PM
mbam-log-2010-12-06 (20-29-05).txt

Scan type: Full scan (C:\|)
Objects scanned: 211902
Time elapsed: 1 hour(s), 15 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the new DDS text:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Joycellen Floyd at 20:31:49.78 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.323 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Netropa\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} - hxxp://haserv1.liveglobalbid.com/lgbmpr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joycel~1\applic~1\mozilla\firefox\profiles\q8ifr7p2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: c:\documents and settings\joycellen floyd\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\joycellen floyd\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-9 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-9 61960]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2004-1-4 28672]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2004-1-4 6942]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-3-4 31848]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-4-28 30192]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-3-4 31848]

=============== Created Last 30 ================

2010-12-07 02:17:45 709456 ----a-w- c:\windows\isRS-000.tmp
2010-12-06 01:05:52 -------- d-----w- c:\program files\ESET
2010-12-02 05:33:55 -------- d-sha-r- C:\cmdcons
2010-12-02 05:30:13 98816 ----a-w- c:\windows\sed.exe
2010-12-02 05:30:13 89088 ----a-w- c:\windows\MBR.exe
2010-12-02 05:30:13 256512 ----a-w- c:\windows\PEV.exe
2010-12-02 05:30:13 161792 ----a-w- c:\windows\SWREG.exe
2010-11-27 20:38:06 -------- d-----w- c:\docume~1\joycel~1\applic~1\Avira

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 20:33:47.82 ===============

And the attach text:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2004 10:22:13 PM
System Uptime: 12/6/2010 6:18:39 PM (2 hours ago)

Motherboard: Intel Corporation | | D845PT
Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | J1E1 | 1594/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 11.762 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt

==== System Restore Points ===================

RP1629: 10/3/2010 12:57:54 PM - System Checkpoint
RP1630: 10/4/2010 6:57:08 PM - System Checkpoint
RP1631: 10/5/2010 7:33:51 PM - System Checkpoint
RP1632: 10/6/2010 7:57:57 PM - System Checkpoint
RP1633: 10/6/2010 11:31:58 PM - Software Distribution Service 3.0
RP1634: 10/8/2010 2:16:36 AM - System Checkpoint
RP1635: 10/8/2010 3:00:20 AM - Software Distribution Service 3.0
RP1636: 10/9/2010 10:23:16 AM - System Checkpoint
RP1637: 10/10/2010 2:00:24 PM - System Checkpoint
RP1638: 10/11/2010 8:03:15 PM - System Checkpoint
RP1639: 10/13/2010 7:24:18 AM - System Checkpoint
RP1640: 10/13/2010 10:15:11 PM - Software Distribution Service 3.0
RP1641: 10/14/2010 7:49:46 AM - Installed Connect Service
RP1642: 10/15/2010 8:41:25 PM - System Checkpoint
RP1643: 10/17/2010 12:00:28 AM - System Checkpoint
RP1644: 10/18/2010 1:44:49 AM - System Checkpoint
RP1645: 10/19/2010 5:44:43 AM - System Checkpoint
RP1646: 10/20/2010 8:33:58 AM - System Checkpoint
RP1647: 10/21/2010 8:23:28 PM - System Checkpoint
RP1648: 10/22/2010 9:28:40 PM - System Checkpoint
RP1649: 10/24/2010 9:08:58 AM - System Checkpoint
RP1650: 10/25/2010 8:05:20 PM - System Checkpoint
RP1651: 10/27/2010 7:14:52 AM - System Checkpoint
RP1652: 10/28/2010 9:14:24 AM - System Checkpoint
RP1653: 10/29/2010 12:05:32 PM - System Checkpoint
RP1654: 10/30/2010 3:00:59 PM - System Checkpoint
RP1655: 10/31/2010 3:01:20 PM - System Checkpoint
RP1656: 11/1/2010 7:18:55 PM - System Checkpoint
RP1657: 11/3/2010 7:13:39 AM - System Checkpoint
RP1658: 11/4/2010 11:11:10 AM - System Checkpoint
RP1659: 11/5/2010 7:11:47 PM - System Checkpoint
RP1660: 11/6/2010 3:49:20 PM - Installed Java(TM) 6 Update 22
RP1661: 11/7/2010 2:49:41 PM - System Checkpoint
RP1662: 11/8/2010 2:57:39 PM - System Checkpoint
RP1663: 11/10/2010 7:51:12 AM - System Checkpoint
RP1664: 11/10/2010 9:40:49 PM - Software Distribution Service 3.0
RP1665: 11/12/2010 1:00:05 PM - System Checkpoint
RP1666: 11/13/2010 1:06:03 PM - System Checkpoint
RP1667: 11/14/2010 6:44:05 PM - System Checkpoint
RP1668: 11/15/2010 10:18:07 PM - System Checkpoint
RP1669: 11/17/2010 8:04:40 AM - System Checkpoint
RP1670: 11/18/2010 9:00:16 PM - System Checkpoint
RP1671: 11/20/2010 1:02:39 AM - System Checkpoint
RP1672: 11/21/2010 10:02:42 AM - System Checkpoint
RP1673: 11/22/2010 6:33:02 PM - System Checkpoint
RP1674: 11/22/2010 9:19:12 PM - Removed Microsoft Office Professional Edition 2003
RP1675: 11/22/2010 9:25:44 PM - Removed Microsoft Office Word Viewer 2003
RP1676: 11/23/2010 6:12:46 PM - Installed Connect Service
RP1677: 11/24/2010 6:47:09 PM - System Checkpoint
RP1678: 11/25/2010 9:19:26 PM - System Checkpoint
RP1679: 11/26/2010 10:02:10 PM - System Checkpoint
RP1680: 11/27/2010 10:47:34 PM - System Checkpoint
RP1681: 11/29/2010 6:48:37 PM - System Checkpoint
RP1682: 11/30/2010 9:30:13 PM - System Checkpoint
RP1683: 12/2/2010 4:08:17 PM - System Checkpoint
RP1684: 12/3/2010 4:10:59 PM - System Checkpoint
RP1685: 12/4/2010 4:59:18 PM - System Checkpoint
RP1686: 12/5/2010 6:35:44 PM - System Checkpoint

==== Installed Programs ======================

3D Groove Playback Engine
7-Zip 9.20
Actiontec Gateway
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 7.0.7
Adobe Reader 9.4.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
ArcSoft WebCam Companion 2
ATI Display Driver
Avery® Wizard 2.1 for Microsoft® Word 2002
Avira AntiVir Personal - Free Antivirus
Bonjour
Canon iP1800 series
Compatibility Pack for the 2007 Office system
Conexant HSF V92 56K Data Fax PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell ResourceCD
DellTouch
Elf Bowling 3 (remove only)
EPSON CardMonitor
EPSON PictureMate User's Guide
EPSON Printer Software
ERUNT 1.1j
ESET Online Scanner v3
FreshDiagnose
FUJIFILM USB Driver
Google Chrome
Google Desktop
Google Desktop Plugin - eBay Watcher
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5550 series
ICC Color Profiles
Ink Monitor
iPod for Windows User Guide
iPod System Software Updater 2.0.1
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Lame ACM MP3 Codec
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Minolta DiMAGE Scan Dual3 ver 1.0
Move Media Player
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.6)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MUSICMATCH iPod Plug-in
MUSICMATCH® Jukebox
PixiePack Codec Pack
QTRgui
Quicken 2007
QuickTime
Real Estate Transaction Viewer
RealPlayer
REAP LITE
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
Shutterfly Plugin
Sierra On-Line Games (Remove only)
Skype Toolbars
Skype™ 4.2
SoundMAX
Spybot - Search & Destroy
Tunebite
ubi.com
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Driver Vers. 3.2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinZip
Works Suite OS Pack
Works Synchronization

==== Event Viewer Messages From Past Week ========

12/6/2010 5:31:34 PM, error: Print [6161] - The document Chiropractic - Wikipedia, t... owned by Joycellen Floyd failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 259 (0x103).
12/3/2010 9:33:19 PM, error: Service Control Manager [7016] - The EPSON V3 Service2(02) service has reported an invalid current state 0.
12/3/2010 9:25:59 PM, error: Print [19] - Sharing printer failed + 1722, Printer hp deskjet 5550 series share name hpdeskje.
12/3/2010 6:17:12 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.5. The machine with the IP address 192.168.1.3 did not allow the name to be claimed by this machine.
12/2/2010 10:56:28 PM, error: System Error [1003] - Error code 100000d1, parameter1 0a050017, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:56:26 PM, error: System Error [1003] - Error code 100000d1, parameter1 021f0017, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:56:22 PM, error: System Error [1003] - Error code 100000d1, parameter1 00030017, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:56:19 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000003, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:56:15 PM, error: System Error [1003] - Error code 100000d1, parameter1 3f3f3f3f, parameter2 00000002, parameter3 00000000, parameter4 f77c33ce.
12/2/2010 10:55:27 PM, error: System Error [1003] - Error code 100000d1, parameter1 0a0a0003, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:55:08 PM, error: System Error [1003] - Error code 100000d1, parameter1 0a140017, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/2/2010 10:54:23 PM, error: System Error [1003] - Error code 100000d1, parameter1 0a040017, parameter2 00000005, parameter3 00000000, parameter4 f77c6e3e.
12/1/2010 9:35:58 PM, error: Service Control Manager [7034] - The Netropa NHK Server service terminated unexpectedly. It has done this 1 time(s).
11/29/2010 6:31:39 PM, error: Print [6161] - The document VirusTotal - Free Online Vi... owned by Joycellen Floyd failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 1301380. Number of bytes printed: 1030720. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\DELL. Win32 error code returned by the print processor: 13 (0xd).
11/29/2010 6:06:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

I'll start another new reply.

Jack Fischer

2010-12-07, 08:28

And here's the new OTL text:

OTL logfile created on: 12/6/2010 8:37:04 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 31.00% Memory free
926.00 Mb Paging File | 367.00 Mb Available in Paging File | 40.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.76 Gb Free Space | 31.61% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========

< End of report >

I can't find the extras file. The machine crashed once during GMER and I hadn't yet saved extras.

It's late here now. I'll rerun OTL and GMER tomorrow and send them to you.

Thanks!

jack

Jack&Jill

2010-12-07, 09:01

Hello Jack :),

The settings for OTL is not correct.

Please read my instructions slowly and carefully.

I have looked through the earlier logs, but I need the proper OTL log and GMER log. No need for Extras.txt.

Jack Fischer

2010-12-08, 06:04

Here is one of the URLs that I am sent to when it redirects:

premium_.s3.amazonaws[dot]com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1291779241&Signature=vLPGkMfKzTkNLyHz4Is%2BMjiWAHQ%3D

And here's the right OTL text:

OTL logfile created on: 12/7/2010 8:30:51 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
926.00 Mb Paging File | 483.00 Mb Available in Paging File | 52.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.74 Gb Free Space | 31.55% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
PRC - [2010/10/28 08:40:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 08:39:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 15:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/12 04:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE

========== Modules (SafeList) ==========

MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 10:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 21:19:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/22 21:19:36 | 000,000,000 | ---D | M]

[2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
[2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
[2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
[2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2010/12/06 17:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 23:23:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/05 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/01 21:33:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/01 21:30:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/01 21:30:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/01 21:30:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/01 21:30:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/01 21:28:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/27 12:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Avira
[2010/11/23 21:18:05 | 001,852,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
[2010/11/23 21:16:37 | 001,852,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
[2010/11/20 11:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/19 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/11/19 23:37:44 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\MGADiag.exe
[2010/11/18 20:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 19:52:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 19:03:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 19:03:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2010/12/07 19:03:36 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/12/07 19:02:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/07 19:01:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 19:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 19:01:19 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 21:42:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/06 17:58:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/06 17:45:54 | 003,985,074 | R--- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ComboFix.exe
[2010/12/05 20:17:10 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu(2).exe
[2010/12/05 17:05:40 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu.exe
[2010/12/03 17:54:03 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/01 21:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/29 18:22:16 | 000,017,352 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\OT Final Exam Study Guide.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 13:02:47 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ResetTeaTimer.exe
[2010/11/26 18:07:27 | 000,221,888 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report most recent
[2010/11/26 14:51:04 | 000,033,344 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report root
[2010/11/23 21:18:06 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
[2010/11/23 21:16:38 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
[2010/11/23 18:09:52 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/20 11:18:44 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RkU.lnk
[2010/11/20 11:15:21 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7-Zip File Manager.lnk
[2010/11/20 11:12:54 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
[2010/11/19 23:41:39 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\CKScanner.exe
[2010/11/19 23:37:49 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\MGADiag.exe
[2010/11/18 21:09:34 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe
[2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/18 20:21:10 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/17 20:14:07 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 20:17:10 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu(2).exe
[2010/12/05 17:04:47 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu.exe
[2010/12/01 21:34:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/01 21:33:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/01 21:30:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/01 21:30:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/01 21:30:13 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/01 21:30:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/01 21:30:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/30 22:15:39 | 003,985,074 | R--- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ComboFix.exe
[2010/11/29 18:22:16 | 000,017,352 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\OT Final Exam Study Guide.docx
[2010/11/27 13:11:31 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/27 13:02:46 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ResetTeaTimer.exe
[2010/11/26 18:07:27 | 000,221,888 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report most recent
[2010/11/26 14:51:04 | 000,033,344 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report root
[2010/11/26 13:37:55 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RkU.lnk
[2010/11/20 11:16:58 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7-Zip File Manager.lnk
[2010/11/20 11:12:52 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
[2010/11/19 23:41:35 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\CKScanner.exe
[2010/11/18 21:09:34 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe
[2010/11/17 20:14:05 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
[2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
[2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
[2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
[2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
[2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
[2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
[2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
[2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
[2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
[2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
[2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
[2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
[2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
[2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
[2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
[2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
[2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
[2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
[2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
[2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
[2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
[2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
[2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
[2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
[2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
[2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
[2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
[2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========

< End of report >

I'll try the GMER now.

Jack Fischer

2010-12-08, 06:52

I set the GMER as you advised and diabled my antivirus software but, has happened every time I've tried to run it, it crashed part way through and did not generate a file that could be saved. Advice?

Thanks!

jack

Jack&Jill

2010-12-08, 07:42

Hello Jack :),

Please retry GMER with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

Jack Fischer

2010-12-09, 07:59

Tried to run Gmer with devices also unchecked. It stopped running and the main window, under "Type" said ".text and under "Name" said ntoskrnl.exe!_abnormal_termination+120.

When I twice tried to run it in safe mode it just stopped without scanning or generating any text. I did NOT try to do anything else on the machine while it was running Gmer. Is there something else to try?

Thanks much,

jack :thanks:

Jack&Jill

2010-12-09, 12:51

Hello Jack :),

How long did you wait before you come to a conclusion that it stopped? Sometimes it can take hours to produce a log. We will try something else if this does not work.

Rerun GMER with initial scan only

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
After the initial scan, click the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
Enable back your security softwares as soon as you completed the GMER steps.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

--------------------

Please post back:
1. the GMER log

Jack Fischer

2010-12-10, 16:38

Well, I tried to run Gmer repeatedly without success. I turned off Avira and running it in safe mode. It will start to run the initial scan and then freeze on one of the files being scanned. I've let it sit for hours. There doesn't seem to be much to it, but hire is a log from one of the initial scans when it didn't crash immediately:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-09 19:24:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75CAA0 rev.16.06V16
Running: 99hjeu7t.exe; Driver: C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\pxtdapod.sys

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

What next?

Jack&Jill

2010-12-10, 17:41

Hello Jack :),

It seems so difficult to get a rootkit scan running on your computer. We will try a different approach.

Please run ERUNT to backup the registry. This is important before you proceed to the next step.

--------------------

Fix with OTL

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste ALL the following text into the white box below Custom Scans/Fixes:

:otl
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
[2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
[2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
[2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
[2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
[2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
[2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
[2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
[2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
[2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
[2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
[2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
[2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
[2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
[2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
[2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
[2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
[2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
[2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
[2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
[2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
[2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
[2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll

:files
ipconfig /all /c

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0a\waol.exe"=-
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=-
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=-
"C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe"=-

:commands
[CREATERESTOREPOINT]
[emptytemp]
Click Run Fix.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable back your security softwares as soon as you completed the OTL fix steps.

--------------------

C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe These files, do you have any idea about them, especially the first two?

--------------------

Please download RootRepeal from one of the links below and save it to your desktop.

Link 1 (http://rootrepeal.googlepages.com/RootRepeal.zip)
Link 2 (http://ad13.geekstogo.com/RootRepeal.zip)
Link 3 (http://rootrepeal.psikotick.com/RootRepeal.zip)

Scan with RootRepeal

Extract RootRepeal.exe from the zip file to your desktop.
Double click on RootRepeal.exe to run it.
Click on the Report tab at the bottom right of the program window and then press the Scan button.
In the Select Scan dialog, check (tick) all the options available and click OK.
Select the main system drive, usually C:\, and click OK to start the scan. Please wait for it to finish.
Once done, a log in Notepad will open. Please post the contents of the log, also saved as C:\RootRepeal report mm-dd-yy (hh-mm-ss).txt.

--------------------

Please post back:
1. the OTL fix log
2. the answer to my question about the files
3. the RootRepeal log

Jack Fischer

2010-12-11, 05:45

Here is the first step, the OTL log:

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\WINDOWS\system32\lqmsaaaa.dll moved successfully.
C:\WINDOWS\system32\lqkaaaaa.dll moved successfully.
C:\WINDOWS\system32\haghkdf.dll moved successfully.
C:\WINDOWS\system32\comprsvp.dll moved successfully.
C:\WINDOWS\system32\Zlib.dll moved successfully.
C:\WINDOWS\system32\autokdll.dll moved successfully.
C:\WINDOWS\system32\read87em.dll moved successfully.
C:\WINDOWS\system32\plusideo.dll moved successfully.
C:\WINDOWS\system32\mtxo0081.dll moved successfully.
C:\WINDOWS\system32\hostgwiz.dll moved successfully.
C:\WINDOWS\system32\1252sutb.dll moved successfully.
C:\WINDOWS\system32\ltwvodex.dll moved successfully.
C:\WINDOWS\system32\vbamgnt5.dll moved successfully.
C:\WINDOWS\system32\lsasqdv.dll moved successfully.
C:\WINDOWS\system32\esenonui.dll moved successfully.
C:\WINDOWS\system32\noisshrm.dll moved successfully.
C:\WINDOWS\system32\freebteg.dll moved successfully.
C:\WINDOWS\system32\msv1arp.dll moved successfully.
C:\WINDOWS\system32\kbdcela3.dll moved successfully.
C:\WINDOWS\system32\ntshpi32.dll moved successfully.
C:\WINDOWS\system32\msexjsel.dll moved successfully.
C:\WINDOWS\system32\msh2pgrd.dll moved successfully.
C:\WINDOWS\system32\wshoepad.dll moved successfully.
C:\WINDOWS\system32\javax11n.dll moved successfully.
========== FILES ==========
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : dell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . :
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, December 10, 2010 7:18:18 PM
Lease Expires . . . . . . . . . . : Saturday, December 11, 2010 7:18:18 PM
C:\Documents and Settings\Joycellen Floyd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Joycellen Floyd\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joycellen Floyd
->Temp folder emptied: 15807182 bytes
->Temporary Internet Files folder emptied: 428326 bytes
->Java cache emptied: 431525 bytes
->FireFox cache emptied: 77544583 bytes
->Google Chrome cache emptied: 8632561 bytes
->Apple Safari cache emptied: 10851328 bytes
->Flash cache emptied: 75811 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 571956 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5297776 bytes

Total Files Cleaned = 114.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 12102010_203333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Jack Fischer

2010-12-11, 07:17

In answer to your question, I have no idea about those files or what they are for. Are they suspicious looking?

Regarding RootRepeal, I extracted it but when I tried to run it I received a message saying the machine was low in virtual memory and then hanging while that software attempts to initialize. I tried running it with nothing else open and the virus software disabled.

Thanks for your patience,

jack

Jack&Jill

2010-12-11, 17:48

Hello Jack :),

I need you to upload a few suspicious files to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)

Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:

C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Repeat for

C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
Post the results in your next response.

Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.

A result from either one of the above scanners would be sufficient.

--------------------

Check some files with OTL

Double click on OTL.exe to run it.
Make sure all the None options is checked (ticked). There are eight of them.
Copy and paste the following into the white box under Custom Scans/Fixes:

%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /md5
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5

DRIVERS32
NETSVCS
Click on Run Scan at the top left hand corner. This might take a while.
When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

Increase paging file

Go to Start, then right click on My Computer. Select Properties. You can also do the same via the My Computer icon on the desktop.
Click on the Advanced tab, then Settings under the Performance section.
Go to the Advanced tab in this new window. Click Change under the Virtual Memory section.
Select Custom size, then in the two white boxes, key in 2046 into both and press Set. You will be prompted, click Yes. OK your way out and restart your computer if requested.

--------------------

Now, try RootRepeal again.

--------------------

Please post back:
1. VT / Jotti / VirScan results
2. OTL log
3. RootRepeal log

Jack Fischer

2010-12-11, 18:56

Here are the virus total results for the first file:

Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 -
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
Show all
MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
File size : 1852800 bytes
First seen: 2010-10-12 22:43:51
Last seen : 2010-12-11 17:52:21
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1B17FF
timedatestamp....: 0x4C7D06CE (Tue Aug 31 13:42:38 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x380, 0x18DF47, 0x18DF80, 6.69, 44243a92680b42ff45ef5afb01ba27ff
.rdata, 0x18E300, 0xD084, 0xD100, 5.73, 5a5726cd99359db369567680e5ebdc8f
.data, 0x19B400, 0x1288C, 0x12900, 3.94, ffebf30ef46600abf749eafc9a376263
.kbdfall, 0x1ADD00, 0x63C, 0x680, 4.64, 3ba03356e2c3385ed25cd6aba303d5bd
.edata, 0x1AE380, 0x1AE3, 0x1B00, 5.97, 7e381ca9f55e372016eaa11cb35d5256
INIT, 0x1AFE80, 0x5796, 0x5800, 6.68, b8c890761499e7a7e3273093ba472da5
.rsrc, 0x1B5680, 0x2218, 0x2280, 3.51, 4436beb01e46fe54a982e7a7702f6c2b
.reloc, 0x1B7900, 0xCC74, 0xCC80, 6.76, 6aa4fe9da87ae7f682011a02b19ed39f

[[ 4 import(s) ]]
Dxapi.sys: _DxApiGetVersion@0
HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
ntoskrnl.exe: PsSetProcessWin32Process, PsGetProcessWin32Process, ExAcquireFastMutexUnsafe, KeEnterCriticalRegion, PsGetCurrentProcessId, PsSetThreadWin32Thread, KeTickCount, ExReleaseFastMutexUnsafe, KeLeaveCriticalRegion, ObfDereferenceObject, ObfReferenceObject, RtlNtStatusToDosError, strchr, strncpy, KeAreApcsDisabled, ExAllocatePoolWithTagPriority, RtlRandom, MmIsVerifierEnabled, PsGetCurrentThread, KeBugCheckEx, PsGetCurrentProcess, ProbeForWrite, _except_handler3, ExRaiseAccessViolation, SeReleaseSecurityDescriptor, SeCaptureSecurityDescriptor, RtlInitUnicodeString, swprintf, _wcsicmp, ExRaiseDatatypeMisalignment, ObReferenceObjectByHandle, ExAcquireResourceExclusiveLite, PsGetProcessSessionId, PsProcessType, ExReleaseResourceLite, ObCloseHandle, ExRaiseStatus, InterlockedExchange, RtlAreAnyAccessesGranted, memmove, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, wcsncpy, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, wcslen, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, KeInitializeEvent, ExFreePoolWithTag, ExInitializeResourceLite, ExAllocatePoolWithTag, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, wcschr, wcsstr, MmMapViewOfSection, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, PsGetThreadProcess, PsIsSystemThread, PsGetProcessJob, wcscpy, RtlGetNtGlobalFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetCurrentProcessSessionId, PsGetProcessWin32WindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessPeb, InterlockedPopEntrySList, InterlockedPushEntrySList, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, RtlFreeHeap, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, _allmul, KeSetEvent, PsIsThreadTerminating, ZwClose, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlInitializeBitMap, PsGetProcessId, PsGetProcessExitStatus, PsGetProcessExitProcessCalled, ZwQueryInformationProcess, KeSetKernelStackSwapEnable, SeTokenIsWriteRestricted, PsGetProcessSectionBaseAddress, ZwTerminateProcess, ExRaiseHardError, RtlWalkFrameChain, ExAllocatePoolWithQuotaTag, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, ZwQueryValueKey, ZwOpenKey, RtlDestroyHeap, _wcsnicmp, wcscat, KeDelayExecutionThread, InterlockedDecrement, NtQueryInformationProcess, RtlDestroyAtomTable, ExDeleteResourceLite, KeCancelTimer, KeRemoveSystemServiceTable, KeQueryInterruptTime, MmPageEntireDriver, MmUserProbeAddress, PsEstablishWin32Callouts, KeAddSystemServiceTable, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExIsResourceAcquiredSharedLite, ExAcquireResourceSharedLite, RtlQueryRegistryValues, ZwPowerInformation, KeResetEvent, ZwDeviceIoControlFile, IoGetRelatedDeviceObject, KeInitializeTimerEx, PsGetCurrentThreadId, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ZwFreeVirtualMemory, ZwAllocateVirtualMemory, ZwQueryInformationToken, RtlEqualUnicodeString, ZwSetInformationObject, ZwQueryObject, ObCreateObject, KeUnstackDetachProcess, KeStackAttachProcess, ZwDuplicateObject, ObFindHandleForObject, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, MmUnmapViewOfSection, ObOpenObjectByName, PsGetThreadTeb, KeDetachProcess, KeAttachProcess, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, KePulseEvent, ObQueryNameString, ZwOpenEvent, ZwSetInformationThread, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, LpcRequestWaitReplyPort, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, PsReferenceImpersonationToken, SeQueryInformationToken, SeTokenIsRestricted, PsCreateSystemThread, ObSetHandleAttributes, PsGetProcessDebugPort, ZwYieldExecution, RtlIntegerToChar, RtlUnicodeStringToAnsiString, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, KeSetPriorityThread, RtlUnicodeToMultiByteN, SeImpersonateClientEx, MmAdjustWorkingSetSize, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwQueryKey, ZwEnumerateValueKey, ZwSetValueKey, RtlMultiByteToUnicodeN, RtlFindMessage, wcsrchr, RtlEqualString, strrchr, ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, IoQueryDeviceDescription, ExRundownCompleted, ExWaitForRundownProtectionRelease, ZwSetEvent, PoSetSystemState, PoRequestShutdownEvent, KeInitializeTimer, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, PsGetThreadFreezeCount, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, MmSystemRangeStart, IoFileObjectType, ZwOpenFile, IofCallDriver, IoBuildSynchronousFsdRequest, IoBuildDeviceIoControlRequest, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetStackLimits, MmCommitSessionMappedView, RtlCreateHeap, IoUnregisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, ZwCreateFile, ZwCancelIoFile, wcsncmp, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, ZwReadFile, ObReferenceObjectByName, IoDriverObjectType, IoCreateDriver, IoPnPDeliverServicePowerNotification, IoInvalidateDeviceRelations, LpcRequestPort, KeIsAttachedProcess, RtlEmptyAtomTable, RtlZeroHeap, _alldiv, _allshr, vsprintf, MmSecureVirtualMemory, KeRestoreFloatingPointState, KeSaveFloatingPointState, ZwQuerySystemInformation, ExSystemTimeToLocalTime, InterlockedCompareExchange, MmUnsecureVirtualMemory, RtlInsertElementGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, MmGrowKernelStack, PsGetCurrentThreadStackBase, ExSystemExceptionFilter, KeReadStateEvent, ZwQueryInformationFile, LdrAccessResource, LdrFindResource_U, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, RtlGetDefaultCodePage, ZwDeleteFile, LdrFindResourceDirectory_U, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageNtHeader, RtlImageDirectoryEntryToData, _strnicmp, PsSetThreadHardErrorsAreDisabled, PsGetThreadHardErrorsAreDisabled, strncmp, toupper, RtlWriteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, wcscmp, IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoGetDeviceInterfaces, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, _alldvrm, _aulldiv, PsGetCurrentThreadPreviousMode, RtlCompareMemory, RtlCreateRegistryKey, MmQuerySystemSize, RtlEnumerateGenericTableAvl, RtlInitializeGenericTableAvl, PsTerminateSystemThread, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, _aulldvrm, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, MmAddVerifierThunks, PsGetThreadWin32Thread
watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection

[[ 225 export(s) ]]
BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngReadStateEvent, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2

VT Community

Jack Fischer

2010-12-11, 19:15

Second Virus Total result:

File name:
win32k.sys
Submission date:
2010-12-11 17:58:44 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 -
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
Show all
MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
File size : 1852800 bytes
First seen: 2010-10-12 22:43:51
Last seen : 2010-12-11 17:58:44
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1B17FF
timedatestamp....: 0x4C7D06CE (Tue Aug 31 13:42:38 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x380, 0x18DF47, 0x18DF80, 6.69, 44243a92680b42ff45ef5afb01ba27ff
.rdata, 0x18E300, 0xD084, 0xD100, 5.73, 5a5726cd99359db369567680e5ebdc8f
.data, 0x19B400, 0x1288C, 0x12900, 3.94, ffebf30ef46600abf749eafc9a376263
.kbdfall, 0x1ADD00, 0x63C, 0x680, 4.64, 3ba03356e2c3385ed25cd6aba303d5bd
.edata, 0x1AE380, 0x1AE3, 0x1B00, 5.97, 7e381ca9f55e372016eaa11cb35d5256
INIT, 0x1AFE80, 0x5796, 0x5800, 6.68, b8c890761499e7a7e3273093ba472da5
.rsrc, 0x1B5680, 0x2218, 0x2280, 3.51, 4436beb01e46fe54a982e7a7702f6c2b
.reloc, 0x1B7900, 0xCC74, 0xCC80, 6.76, 6aa4fe9da87ae7f682011a02b19ed39f

[[ 4 import(s) ]]
Dxapi.sys: _DxApiGetVersion@0
HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
ntoskrnl.exe: PsSetProcessWin32Process, PsGetProcessWin32Process, ExAcquireFastMutexUnsafe, KeEnterCriticalRegion, PsGetCurrentProcessId, PsSetThreadWin32Thread, KeTickCount, ExReleaseFastMutexUnsafe, KeLeaveCriticalRegion, ObfDereferenceObject, ObfReferenceObject, RtlNtStatusToDosError, strchr, strncpy, KeAreApcsDisabled, ExAllocatePoolWithTagPriority, RtlRandom, MmIsVerifierEnabled, PsGetCurrentThread, KeBugCheckEx, PsGetCurrentProcess, ProbeForWrite, _except_handler3, ExRaiseAccessViolation, SeReleaseSecurityDescriptor, SeCaptureSecurityDescriptor, RtlInitUnicodeString, swprintf, _wcsicmp, ExRaiseDatatypeMisalignment, ObReferenceObjectByHandle, ExAcquireResourceExclusiveLite, PsGetProcessSessionId, PsProcessType, ExReleaseResourceLite, ObCloseHandle, ExRaiseStatus, InterlockedExchange, RtlAreAnyAccessesGranted, memmove, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, wcsncpy, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, wcslen, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, KeInitializeEvent, ExFreePoolWithTag, ExInitializeResourceLite, ExAllocatePoolWithTag, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, wcschr, wcsstr, MmMapViewOfSection, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, PsGetThreadProcess, PsIsSystemThread, PsGetProcessJob, wcscpy, RtlGetNtGlobalFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetCurrentProcessSessionId, PsGetProcessWin32WindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessPeb, InterlockedPopEntrySList, InterlockedPushEntrySList, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, RtlFreeHeap, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, ExDeletePagedLookasideList, ExIsResourceAcquiredExclusiveLite, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, _allmul, KeSetEvent, PsIsThreadTerminating, ZwClose, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlInitializeBitMap, PsGetProcessId, PsGetProcessExitStatus, PsGetProcessExitProcessCalled, ZwQueryInformationProcess, KeSetKernelStackSwapEnable, SeTokenIsWriteRestricted, PsGetProcessSectionBaseAddress, ZwTerminateProcess, ExRaiseHardError, RtlWalkFrameChain, ExAllocatePoolWithQuotaTag, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, ZwQueryValueKey, ZwOpenKey, RtlDestroyHeap, _wcsnicmp, wcscat, KeDelayExecutionThread, InterlockedDecrement, NtQueryInformationProcess, RtlDestroyAtomTable, ExDeleteResourceLite, KeCancelTimer, KeRemoveSystemServiceTable, KeQueryInterruptTime, MmPageEntireDriver, MmUserProbeAddress, PsEstablishWin32Callouts, KeAddSystemServiceTable, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExIsResourceAcquiredSharedLite, ExAcquireResourceSharedLite, RtlQueryRegistryValues, ZwPowerInformation, KeResetEvent, ZwDeviceIoControlFile, IoGetRelatedDeviceObject, KeInitializeTimerEx, PsGetCurrentThreadId, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ZwFreeVirtualMemory, ZwAllocateVirtualMemory, ZwQueryInformationToken, RtlEqualUnicodeString, ZwSetInformationObject, ZwQueryObject, ObCreateObject, KeUnstackDetachProcess, KeStackAttachProcess, ZwDuplicateObject, ObFindHandleForObject, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, MmUnmapViewOfSection, ObOpenObjectByName, PsGetThreadTeb, KeDetachProcess, KeAttachProcess, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, KePulseEvent, ObQueryNameString, ZwOpenEvent, ZwSetInformationThread, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, LpcRequestWaitReplyPort, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, PsReferenceImpersonationToken, SeQueryInformationToken, SeTokenIsRestricted, PsCreateSystemThread, ObSetHandleAttributes, PsGetProcessDebugPort, ZwYieldExecution, RtlIntegerToChar, RtlUnicodeStringToAnsiString, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, KeSetPriorityThread, RtlUnicodeToMultiByteN, SeImpersonateClientEx, MmAdjustWorkingSetSize, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwQueryKey, ZwEnumerateValueKey, ZwSetValueKey, RtlMultiByteToUnicodeN, RtlFindMessage, wcsrchr, RtlEqualString, strrchr, ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, IoQueryDeviceDescription, ExRundownCompleted, ExWaitForRundownProtectionRelease, ZwSetEvent, PoSetSystemState, PoRequestShutdownEvent, KeInitializeTimer, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, PsGetThreadFreezeCount, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, MmSystemRangeStart, IoFileObjectType, ZwOpenFile, IofCallDriver, IoBuildSynchronousFsdRequest, IoBuildDeviceIoControlRequest, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetStackLimits, MmCommitSessionMappedView, RtlCreateHeap, IoUnregisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, ZwCreateFile, ZwCancelIoFile, wcsncmp, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, ZwReadFile, ObReferenceObjectByName, IoDriverObjectType, IoCreateDriver, IoPnPDeliverServicePowerNotification, IoInvalidateDeviceRelations, LpcRequestPort, KeIsAttachedProcess, RtlEmptyAtomTable, RtlZeroHeap, _alldiv, _allshr, vsprintf, MmSecureVirtualMemory, KeRestoreFloatingPointState, KeSaveFloatingPointState, ZwQuerySystemInformation, ExSystemTimeToLocalTime, InterlockedCompareExchange, MmUnsecureVirtualMemory, RtlInsertElementGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, MmGrowKernelStack, PsGetCurrentThreadStackBase, ExSystemExceptionFilter, KeReadStateEvent, ZwQueryInformationFile, LdrAccessResource, LdrFindResource_U, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, RtlGetDefaultCodePage, ZwDeleteFile, LdrFindResourceDirectory_U, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageNtHeader, RtlImageDirectoryEntryToData, _strnicmp, PsSetThreadHardErrorsAreDisabled, PsGetThreadHardErrorsAreDisabled, strncmp, toupper, RtlWriteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, wcscmp, IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoGetDeviceInterfaces, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, _alldvrm, _aulldiv, PsGetCurrentThreadPreviousMode, RtlCompareMemory, RtlCreateRegistryKey, MmQuerySystemSize, RtlEnumerateGenericTableAvl, RtlInitializeGenericTableAvl, PsTerminateSystemThread, RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, _aulldvrm, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, MmAddVerifierThunks, PsGetThreadWin32Thread
watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection

[[ 225 export(s) ]]
BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngReadStateEvent, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

Jack Fischer

2010-12-11, 19:19

Third file from virus total. This one appears to have one hit.

Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 Trojan/Downloader.Zlob.bpbl
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
Show all
MD5 : b3fdf6e7b0aecd48ca7e4921773fb606
SHA1 : 55283ad59439134673fc32fc097bdd9ae920fbc6
SHA256: 1e2f2a8fb52d3972b9b65b8ad1bebb66965c47a2994f89b3d652c31e6f6e4c3c
ssdeep: 24576:c7Rz+6GVlkicMgH6I7kuF7Xc+qaM9oXDEmHbGrXjk5rOTm:E+6cY75ZLqaMsDp6ro6m
File size : 1110476 bytes
First seen: 2010-11-18 20:01:31
Last seen : 2010-12-11 18:17:07
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS, Unicode, UTF-8
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x323C
timedatestamp....: 0x4B1AE3C6 (Sat Dec 05 22:50:46 2009)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5A5A, 0x5C00, 6.42, 0bc2ffd32265a08d72b795b18265828d
.rdata, 0x7000, 0x1190, 0x1200, 5.18, f179218a059068529bdb4637ef5fa28e
.data, 0x9000, 0x1AF98, 0x400, 4.71, 975304d6dd6c4a4f076b15511e2bbbc0
.ndata, 0x24000, 0x9000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0x2D000, 0x4118, 0x4200, 5.85, 77483af972a8e757d8ba96b88dc0c038

[[ 8 import(s) ]]
KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
ExifTool:
file metadata
CodeSize: 23552
EntryPoint: 0x323c
FileSize: 1084 kB
FileType: Win32 EXE
ImageVersion: 6.0
InitializedDataSize: 119808
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:12:05 23:50:46+01:00
UninitializedDataSize: 1024

VT Community

Jack Fischer

2010-12-11, 19:33

And, finally, here is the OTL log:

OTL logfile created on: 12/11/2010 10:22:47 AM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 40.00% Memory free
926.00 Mb Paging File | 469.00 Mb Available in Paging File | 51.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.60 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/08/29 17:27:57 | 000,006,148 | -H-- | M] () -- C:\.DS_Store
[2010/05/29 12:33:36 | 000,058,684 | ---- | M] () -- C:\aaw7boot.log
[2006/07/25 21:27:32 | 000,003,143 | ---- | M] () -- C:\acttmp.dat
[2005/12/15 21:58:19 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/15 21:58:19 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/24 20:39:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/01 21:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/06 18:02:47 | 000,013,833 | ---- | M] () -- C:\ComboFix.txt
[2004/01/05 19:34:24 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/23 21:14:21 | 000,016,922 | ---- | M] () -- C:\drwtsn32.log
[2005/01/23 22:54:51 | 000,024,576 | ---- | M] () -- C:\Experimental Matrix.doc
[2008/02/18 18:21:28 | 000,084,526 | ---- | M] () -- C:\fort_sdc-1.jpg
[2004/09/02 22:08:52 | 000,022,016 | ---- | M] () -- C:\Gary Garrels.doc
[2010/12/11 08:47:21 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/13 17:15:23 | 001,427,740 | ---- | M] () -- C:\hpfr5550.log
[2008/12/13 17:15:23 | 000,000,550 | ---- | M] () -- C:\hpfr5550.xml
[2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/06/25 21:47:18 | 000,033,436 | ---- | M] () -- C:\iTrip.xml
[2007/01/28 14:28:03 | 000,024,064 | ---- | M] () -- C:\Joe Science Project.doc
[2004/09/02 10:37:28 | 000,028,672 | ---- | M] () -- C:\Madeleine Grynsztejn.doc
[2007/01/28 18:34:11 | 000,031,744 | ---- | M] () -- C:\Media paper.doc
[2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/01/15 15:19:36 | 000,000,389 | ---- | M] () -- C:\My Documents.lnk
[2005/08/23 07:25:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/16 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/01/21 15:47:40 | 000,020,480 | ---- | M] () -- C:\parking permit ticket review.doc
[2004/09/02 22:08:34 | 000,031,744 | ---- | M] () -- C:\Philippe de Montebello kimmelman profile.doc
[2006/01/20 19:26:30 | 000,001,754 | ---- | M] () -- C:\photodex-presenter-install.log
[2006/06/23 13:24:19 | 000,184,320 | ---- | M] () -- C:\PlayerHost.dll
[2006/01/01 22:07:42 | 000,001,419 | ---- | M] () -- C:\smitfiles.txt
[2007/10/27 11:59:06 | 000,005,092 | ---- | M] () -- C:\st leo lion_alumni gif.gif
[2007/10/27 19:18:11 | 000,035,560 | ---- | M] () -- C:\st leo logo edited.jpg
[2007/10/27 13:08:41 | 000,030,861 | ---- | M] () -- C:\st leo logo.jpg
[2010/07/09 22:26:19 | 000,066,048 | ---- | M] () -- C:\Zinsser Tips.doc
[2007/01/27 16:25:22 | 000,000,162 | -H-- | M] () -- C:\~$e Science Project.doc

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/01/04 13:58:17 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/04 13:58:17 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/04 13:58:17 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /md5 >
[2008/04/13 10:46:18 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=C1536905AD2067812A238BCE998F4BFF -- C:\WINDOWS\system32\drivers\1394bus.sys
[2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\drivers\ac97intc.sys
[2008/04/13 10:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2001/08/18 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 08:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 10:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) MD5=03A7E0922ACFE1B07D5DB2EEB0773063 -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 10:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=CB08AED0DE2DD889A8A820CD8082D83C -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) MD5=95B4FB835E28AA1336CEEB07FD5B9398 -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 10:31:32 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=D7701D7E72243286CC88C9973D891057 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 10:31:33 | 000,037,760 | ---- | M] (Microsoft Corporation) MD5=8FCE268CDBDD83B23419D1F35F42C7B1 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2001/07/25 17:56:48 | 000,167,309 | ---- | M] (Conexant Systems) MD5=76C432D458995DCBF17F7AED9766F9E6 -- C:\WINDOWS\system32\drivers\amosnt.sys
[2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) MD5=DB3241F2573E1FB9837AE561FA4622DF -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys
[2008/04/13 10:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=B5B8A80875C1DEDEDA8B02765642C32F -- C:\WINDOWS\system32\drivers\arp1394.sys
[2004/01/04 23:46:43 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) MD5=D880831279ED91F9A4190A2DB9539EA9 -- C:\WINDOWS\system32\drivers\asctrm.sys
[2008/04/13 10:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:29 | 000,056,623 | ---- | M] (ATI Technologies Inc.) MD5=D649C57DA6FA762C64013747E5D7D2D6 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:29 | 000,011,615 | ---- | M] (ATI Technologies Inc.) MD5=60B6AA2DC1521DA343F781B70EB7895A -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:29 | 000,012,047 | ---- | M] (ATI Technologies Inc.) MD5=6FDC61E8E8E17F6ECC2D9A10FA8DF347 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:30 | 000,030,671 | ---- | M] (ATI Technologies Inc.) MD5=9D318099BF3876A4AF4BC75966D27603 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:31 | 000,026,367 | ---- | M] (ATI Technologies Inc.) MD5=DAC7D785CF62F5BD41441E9D6F5A6EFE -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:31 | 000,021,343 | ---- | M] (ATI Technologies Inc.) MD5=F7706DAE7D101F1B19CE552D772EBFCE -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:31 | 000,036,463 | ---- | M] (ATI Technologies Inc.) MD5=6F714B4720DD80FFA9F8D2731594EA4C -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:31 | 000,029,455 | ---- | M] (ATI Technologies Inc.) MD5=67FFBC158DD4D27BA3FC92C6ACD87F73 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:31 | 000,034,735 | ---- | M] (ATI Technologies Inc.) MD5=0D8CAB1F08F7D3C4DE228B49E12E596A -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) MD5=9027AE586EF5F0E6A40175E92917B44C -- C:\WINDOWS\system32\drivers\ati2mpaa.sys
[2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) MD5=075E091EEBB450EEDAE9DA74F5B46494 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) MD5=8759322FFC1A50569C1E5528EE8026B7 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:27 | 000,057,856 | ---- | M] (ATI Technologies Inc.) MD5=993E7BD6438FE989E328C6B4BCA246A9 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:28 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=ED4C2BF8403F4437987C0BA09CF48716 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) MD5=E90AC2B14E98F1A4372E5891B4278784 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:29 | 000,052,224 | ---- | M] (ATI Technologies Inc.) MD5=DA36687D701C833430605A298731410B -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:30 | 000,104,960 | ---- | M] (ATI Technologies Inc.) MD5=A7A01B907DB63898D40B0A14248FF9A2 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:30 | 000,028,672 | ---- | M] (ATI Technologies Inc.) MD5=CEDDEE2E0591894D19654D458FD3B9BE -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=D80A8F6C0A717446496C3A06D33B0D9C -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:31 | 000,073,216 | ---- | M] (ATI Technologies Inc.) MD5=EDD66332608D27F4FD5069BCD0BC5164 -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:31 | 000,031,744 | ---- | M] (ATI Technologies Inc.) MD5=3E7D485CBD0B0D9F6EA2AD9442411831 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 10:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=9916C1225104BA14794209CFA8012159 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2001/08/18 04:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 10:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=AE76348A2605FB197FA8FF1D6F547836 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2001/08/18 04:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2007/04/13 09:30:39 | 000,025,136 | ---- | M] (America Online) MD5=0D74D0AA2ECCB5E2019B5E10C38AFD19 -- C:\WINDOWS\system32\drivers\atwpkt2.sys
[2007/04/13 09:30:43 | 000,033,592 | ---- | M] (America Online) MD5=D63802C63DCAC9D2450333105C81E91E -- C:\WINDOWS\system32\drivers\atwpkt264.sys
[2001/08/17 05:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=D9F724AA26C010A217C97606B160ED68 -- C:\WINDOWS\system32\drivers\audstub.sys
[2009/02/13 11:17:49 | 000,045,416 | ---- | M] (Avira GmbH) MD5=5B44C214F9CD9F590BE9125347610380 -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) MD5=47B879406246FFDCED59E18D331A0E7D -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/06/17 14:27:26 | 000,022,360 | ---- | M] (Avira GmbH) MD5=87451AA7CC6B6A590EBCEA05E755075A -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) MD5=F8C56231ED5ECF7D1B46B0330880CCEF -- C:\WINDOWS\system32\drivers\avipbb.sys
[2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) MD5=9372CC48814A17E67C28945EB4ACC189 -- C:\WINDOWS\system32\drivers\basic2.sys
[2008/04/13 10:46:21 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=56B7F78228CC41FFA1F5BDF3AF799D19 -- C:\WINDOWS\system32\drivers\bdasup.sys
[2001/08/18 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 10:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=F934D1B230F84E1D19DD00AC5A7A83ED -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 10:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=B279426E3C0C344893ED78A613A73BDE -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 10:46:33 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=FCA6F069597B62D42495191ACE3FC6C1 -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 10:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) MD5=80602B8746D3738F5886CE3D67EF06B6 -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 03:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) MD5=662BFD909447DD9CC15B1A1C366583B4 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 10:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) MD5=BB68CEBFFD181E18A26112D1B9F90F3D -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 10:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=61364CD71EF63B0F038B7E9DF00F1EFA -- C:\WINDOWS\system32\drivers\bthusb.sys
[2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) MD5=248DFA5762DDE38DFDDBBD44149E9D7A -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
[2001/08/18 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 10:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=0BE5AEF125BE881C4F854C554F2B025C -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2001/08/18 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 11:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 10:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2001/08/18 04:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=B562592B7F5759C99E179CA467ECFB4C -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 11:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2001/08/18 04:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 10:31:32 | 000,036,736 | ---- | M] (Microsoft Corporation) MD5=F50D9BDBB25CCE075E514DC07472A22F -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 10:40:44 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=E65E2353A5D74EA89971CB918EEEB2F6 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 10:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) MD5=D992FE1274BDE0F84AD826ACAE022A41 -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 10:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=7C824CF7BBDE77D95C08005717A95F6F -- C:\WINDOWS\system32\drivers\dmio.sys
[2001/08/18 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 10:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) MD5=8A208DFCF89792A484E76C40E5F50B45 -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 10:45:14 | 000,060,160 | ---- | M] (Microsoft Corporation) MD5=6CB08593487F5701D2D2254E693EAFCE -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 10:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=8F5FCFF8E8848AFAC920905FBD9D33C8 -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2001/08/23 05:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=FE97D0343ACFDEBDD578FC67CC91FA87 -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 10:38:29 | 000,071,168 | ---- | M] (Microsoft Corporation) MD5=AC7280566A7BB85CB3291F04DDC1198E -- C:\WINDOWS\system32\drivers\dxg.sys
[2001/08/18 04:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=80D1B490B60E74E002DC116EC5D41748 -- C:\WINDOWS\system32\drivers\enum1394.sys
[2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) MD5=F9472131367D39435D750F5FA3D23582 -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS
[2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) MD5=9EA76A7F28CD968F8ADC709E479F23B2 -- C:\WINDOWS\system32\drivers\fallback.sys
[2008/04/13 11:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
[2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) MD5=413CFA795CAD19A010889DF0EC060408 -- C:\WINDOWS\system32\drivers\faxnt.sys
[2008/04/13 10:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) MD5=92CDD60B6730B9F50F6A1A0C1F8CDC81 -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 10:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=D45926117EB9FA946A6AF572FBE1CAA3 -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 10:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=9D27E7B80BFCDF1CDD9B555862D5E7F0 -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 10:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) MD5=B7B262D0431374F3AFD1349E35B368D9 -- C:\WINDOWS\system32\drivers\fsksnt.sys
[2001/08/18 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\drivers\fsvga.sys
[2001/08/18 04:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=3E1E2BD4F39B0E2B7DC4F4D2BCC2779A -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2001/08/18 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) MD5=6AC26732762483366C3969C9E4D2259D -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 10:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) MD5=3A74C423CF6BCCA6982715878F450A3B -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) MD5=8182FF89C65E4D38B2DE4BB0FB18564E -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=573C7D0A32852B48F3058CFD8026F511 -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008/04/13 10:46:30 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=7BD2DE4C85EB4241EED57672B16A7D8D -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 10:45:26 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=1AF592532532A402ED7C060F6954004F -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 10:45:26 | 000,019,200 | ---- | M] (Microsoft Corporation) MD5=BB1A6FB7D35A91E599973FA74A619056 -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 10:45:22 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=96ECCF28FDBF1B2CC12725818A63628D -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 10:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) MD5=CCF82C5EC8A7326C3066DE870C06DAF1 -- C:\WINDOWS\system32\drivers\hidusb.sys
[2004/08/03 21:41:46 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) MD5=970178E8E003EB1481293830069624B9 -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 21:41:48 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) MD5=1225EBEA76AAC3C84DF6C54FE5E5D8BE -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 21:41:54 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) MD5=EBB354438A4C5A3327FB97306260714A -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2001/08/17 05:28:04 | 000,150,239 | ---- | M] (Conexant) MD5=93EC3CB49592633B0D0E159A20BB3604 -- C:\WINDOWS\system32\drivers\HSF_AMOS.sys
[2001/08/17 05:28:04 | 000,067,167 | ---- | M] (Conexant) MD5=1B9C81AB9A456EABD9F8335F04B5F495 -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys
[2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) MD5=A941AA38E3951058E584C4BBDDD56ED9 -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys
[2001/08/17 05:28:06 | 000,289,887 | ---- | M] (Conexant) MD5=C823DEBE2548656549F84A875D65237B -- C:\WINDOWS\system32\drivers\HSF_FALL.sys
[2001/08/17 05:28:06 | 000,199,711 | ---- | M] (Conexant) MD5=D9E8E0CE154A2F6430D9EFABDF730867 -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys
[2001/08/17 05:28:06 | 000,115,807 | ---- | M] (Conexant) MD5=6483414841D4CAB6C3B4DB2AC6EDD70B -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys
[2001/08/17 05:28:08 | 000,391,199 | ---- | M] (Conexant) MD5=9C5E3FDBFCC30CF71A49CA178B9AD442 -- C:\WINDOWS\system32\drivers\HSF_K56K.sys
[2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) MD5=74E379857D4C0DFB56DE2D19B8F4C434 -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys
[2001/08/17 05:28:10 | 000,057,471 | ---- | M] (Conexant) MD5=BB7549BD94D1AAC3599C7606C50C48A0 -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys
[2001/08/17 05:28:10 | 000,044,863 | ---- | M] (Conexant) MD5=724BD3830863E2774EB17311414A865E -- C:\WINDOWS\system32\drivers\HSF_SOAR.sys
[2001/08/17 05:28:10 | 000,073,279 | ---- | M] (Conexant) MD5=6C843C43FD7F0B42CFE477CE88D0F9B3 -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys
[2001/08/17 05:28:12 | 000,050,751 | ---- | M] (Conexant) MD5=8021A499DB46B2961C285168671CB9AF -- C:\WINDOWS\system32\drivers\HSF_TONE.sys
[2001/08/17 05:28:12 | 000,488,383 | ---- | M] (Conexant) MD5=269C0ADE94B90029B12497747BE408CB -- C:\WINDOWS\system32\drivers\HSF_V124.sys
[2009/10/20 08:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) MD5=F80A415EF82CD06FFAF0D971528EAD38 -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 10:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) MD5=4755DB407CECCD6B91F4B683C3197187 -- C:\WINDOWS\system32\drivers\IdeBusDr.sys
[2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) MD5=B5E01B50B08B440018F437AEBED0BCCF -- C:\WINDOWS\system32\drivers\IdeChnDr.sys
[2008/04/13 10:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 10:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=B5466A9250342A7AA0CD1FBA13420678 -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 10:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=8C953733D8F36EB2133F5BB58808B66B -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 10:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) MD5=3BB22519A194418D5FEC05D800A19AD0 -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) MD5=D0B3DEE109AF605885C46A59BFC24CD2 -- C:\WINDOWS\system32\drivers\ipfilter.sys
[2001/08/18 04:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) MD5=731F22BA402EE4B62748ADAF6363C182 -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 10:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) MD5=B87AB476DCF76E72010632B5550955F5 -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 10:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) MD5=CC748EA12C6EFFDE940EE98098BF96BB -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 11:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 10:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=C93C9FF7B04D772627A3646D89F7BF89 -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 10:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) MD5=A4E3277398C8ABA999483D4C658C9696 -- C:\WINDOWS\system32\drivers\k56nt.sys
[2008/04/13 09:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 10:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) MD5=692BCF44383D056AED41B045A323D378 -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 10:16:36 | 000,141,056 | ---- | M] (Microsoft Corporation) MD5=0753515F78DF7F271A5E61C20BCD36A1 -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 03:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) MD5=B467646C54CC746128904E1654C750C1 -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) MD5=973F78482AA2F2760323900B3A501C40 -- C:\WINDOWS\system32\drivers\L8042mou.Sys
[2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) MD5=C91206CA84684057118265E8377C77B6 -- C:\WINDOWS\system32\drivers\LHidFilt.Sys
[2006/03/28 16:56:06 | 000,027,008 | ---- | M] (Logitech, Inc.) MD5=6A255DCBB15D429A545D0F8FC1427970 -- C:\WINDOWS\system32\drivers\LHidKE.Sys
[2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) MD5=60FCF7D9E2378D92C97BC2D6A21066B1 -- C:\WINDOWS\system32\drivers\LHidUsbK.sys
[2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) MD5=9F03720FA5E6D14CD4DFEA610F2C1A7C -- C:\WINDOWS\system32\drivers\LMouFilt.Sys
[2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) MD5=2A3E4DB78B20B2CD2C548A48A8E6B1B7 -- C:\WINDOWS\system32\drivers\LMouKE.Sys
[2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) MD5=9BC5A8F08CC4770C95F9C55D992DE929 -- C:\WINDOWS\system32\drivers\LUsbFilt.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) MD5=9B5CC6C481BDD00A963829B892623247 -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) MD5=E74DC2F3F9675A6025A4AA020EDD4341 -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2001/08/18 04:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D1F8BE91ED4DDB671D42E473E3FE71AB -- C:\WINDOWS\system32\drivers\mcd.sys
[2004/08/03 21:41:55 | 000,011,868 | ---- | M] (Conexant) MD5=195741AEE20369980796B557358CD774 -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 10:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=A7DA20AB18A1BDAE28B0F349E57DA0D1 -- C:\WINDOWS\system32\drivers\mf.sys
[2001/08/18 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4AE068242760A1FB6E1A44BF4E16AFA6 -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 11:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) MD5=DFCBAD3CEC1C5F964962AE10E0BCC8E1 -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 09:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=35C9E97194C8CFB8430125F8DBC34D04 -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 12:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=B1C303E17FB9D46E87A98E4BA6769685 -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 10:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 10:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) MD5=C0F8E0C2C3C0437CF37C6781896DC3EC -- C:\WINDOWS\system32\drivers\mpe.sys
[2008/04/13 10:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) MD5=11D42BB6206F33FBB3BA0288D3EF81BD -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2010/02/24 05:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) MD5=1477849772712BAC69C144DCF2C9CE81 -- C:\WINDOWS\system32\drivers\msdv.sys
[2008/04/13 10:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=C941EA2454BA8350021D774DAF0F1027 -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 10:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) MD5=0A02C63C8B144BD8C86B103DEE7C86A2 -- C:\WINDOWS\system32\drivers\msgpc.sys
[2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) MD5=877FFD0FB093B80F5ED6BA64D7921881 -- C:\WINDOWS\system32\drivers\Msikbd2k.sys
[2008/04/13 10:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) MD5=D1575E71568F4D9E14CA56B7B0453BF1 -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 10:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) MD5=325BB26842FC7CCC1FCCE2C457317F3E -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 10:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) MD5=BAD59648BA099DA4A17680B39730CB3D -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 10:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) MD5=AF5F4F3F14A8EA2C26DE30F7A1E17136 -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 10:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=E53736A9E30C45FA9E7B5EAC55056D1D -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 21:41:38 | 000,126,686 | ---- | M] (Smart Link) MD5=C53775780148884AC87C455489A0C070 -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 21:41:37 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 21:29:36 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) MD5=6DDA78A0BE692B61B668FAB860F276CF -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 11:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=2F625D11385B1A94360BFC70AAEFDEE1 -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 10:43:55 | 000,012,672 | ---- | M] (Microsoft Corporation) MD5=B538DCD9816EA35FA4F637CFC261AAA8 -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) MD5=A1520761F42DBB06DB7929D6FA9753EA -- C:\WINDOWS\system32\drivers\MxlW2k.sys
[2008/04/13 10:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) MD5=5B50F1B2A2ED47D560577B221DA734DB -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 11:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 10:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) MD5=7FF1F1FD8609C149AA432F95A8163D97 -- C:\WINDOWS\system32\drivers\ndisip.sys
[2008/04/13 10:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) MD5=1AB3D00C991AB086E69DB84B6C0ED78F -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 10:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=F927A4434C5028758A842943EF1A3849 -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 11:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) MD5=EDC1531A49C80614B2CFDA43CA8659AB -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2008/04/13 10:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) MD5=6215023940CFD3702B46ABC304E1D45A -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 10:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) MD5=5D81CF9A2F1A3A756B66CF684911CDF0 -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 11:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 10:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) MD5=E9E47CFB2D461FA0FC75B7A74C6383EA -- C:\WINDOWS\system32\drivers\nic1394.sys
[2001/08/18 04:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=BE984D604D91C217355CDD3737AAD25D -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) MD5=1E421A6BCF2203CC61B821ADA9DE878B -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 10:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) MD5=3182D64AE053D6FB034F44B6DEF8034A -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 11:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 21:41:39 | 000,180,360 | ---- | M] (Smart Link) MD5=576B34CEAE5B7E5D9FD2775E93B3DB53 -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2001/08/18 04:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=73C1E1F395918BC2C6DD67AF7591A3AD -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/03 21:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) MD5=2B298519EDBFCF451D43E0F1E8F1006D -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2001/08/18 04:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) MD5=B305F3FAD35083837EF46A0BBCE2FC57 -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2001/08/18 04:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) MD5=C99B3415198D1AAB7227F2C88FD664B9 -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 10:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) MD5=8B8B1BE2DBA4025DA6786C645F77F123 -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2001/08/18 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) MD5=56D34A67C05E94E16377C60609741FF8 -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2001/08/18 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) MD5=C0BB7D1615E1ACBDC99757F6CEAF8CF0 -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2008/04/13 10:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) MD5=CA33832DF41AFB202EE7AEB05145922F -- C:\WINDOWS\system32\drivers\ohci1394.sys
[2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) MD5=CEC7E2C6C1FA00C7AB2F5434F848AE51 -- C:\WINDOWS\system32\drivers\omci.sys
[2001/08/18 04:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) MD5=4BB30DDC53EBC76895E38694580CDFE9 -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 10:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=C90018BAFDC7098619A4A95B046B30F3 -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 10:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) MD5=5575FAF8F97CE5E713D108C2A58D7C7C -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 10:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) MD5=BEB3BA25197665D82EC7065B724171C6 -- C:\WINDOWS\system32\drivers\partmgr.sys
[2001/08/18 04:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) MD5=70E98B3FD8E963A6A46A2E6247E0BEA1 -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 10:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) MD5=A219903CCF74233761D92BEF471A07B1 -- C:\WINDOWS\system32\drivers\pci.sys
[2008/04/13 10:40:29 | 000,024,960 | ---- | M] (Microsoft Corporation) MD5=52E60F29221D0D1AC16737E8DBF7C3E9 -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 10:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) MD5=9E89EF60E9EE05E3F2EEF2DA7397F1C1 -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2008/04/13 11:19:42 | 000,146,048 | ---- | M] (Microsoft Corporation) MD5=E82A496C3961EFC6828B508C310CE98F -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 10:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=A32BEBAF723557681BFC6BD93E98BD26 -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 10:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=09298EC810B07E5D582CB3A3F9255424 -- C:\WINDOWS\system32\drivers\psched.sys
[2001/08/18 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) MD5=80D317BD1C3DBC5D4FE7B1678C60CADD -- C:\WINDOWS\system32\drivers\ptilink.sys
[2006/05/23 13:44:32 | 000,011,520 | ---- | M] (Prevx Limited, http://www.prevx1.com/) MD5=30E4AC7ED64596BAED2C4A809E8D8104 -- C:\WINDOWS\system32\drivers\pxscrmbl.sys
[2001/08/18 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 11:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) MD5=11B4A627BC9614B885C4969BFA5FF8A6 -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 10:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) MD5=5BC962F2654137C9909C3D4603587DEE -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 11:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) MD5=EFEEC01B1D3CF84F16DDD24D9D9D8F99 -- C:\WINDOWS\system32\drivers\raspptp.sys
[2001/08/18 04:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) MD5=FDBB1D60066FCFBB7452FD8F9829B242 -- C:\WINDOWS\system32\drivers\raspti.sys
[2001/08/18 04:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) MD5=01524CD237223B18ADBB48F70083F101 -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 11:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) MD5=7AD224AD1A1437FE28D89CF22B17780A -- C:\WINDOWS\system32\drivers\rdbss.sys
[2001/08/18 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 10:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) MD5=15CABD0F7C00C47C70124907916AF3F1 -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 16:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 21:41:39 | 000,013,776 | ---- | M] (Smart Link) MD5=E9AAA0092D74A9D371659C4C38882E12 -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 10:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 10:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) MD5=851C30DF2807FCFA21E4C681A7D6440E -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2001/08/18 04:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=A56FE08EC7473E8580A390BB1081CDD7 -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2001/08/18 04:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) MD5=0A854DF84C77A0BE205BFEAB2AE4F0EC -- C:\WINDOWS\system32\drivers\riodrv.sys
[2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) MD5=4C35E57300A2DC5932A8E29EFA527C32 -- C:\WINDOWS\system32\drivers\rksample.sys
[2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) MD5=96F7A9A7BF0C9C0440A967440065D33C -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 10:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=601844CBCF617FF8C868130CA5B2039D -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 10:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) MD5=726548542AFECA56257FF01EB13BB6D7 -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2001/08/18 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=D8B0B4ADE32574B2D9C5CC34DC0DBBE7 -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) MD5=43110C2A2C5ED32EAD96C440718E4452 -- C:\WINDOWS\system32\drivers\rrnetcap.sys
[2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) MD5=D507C1400284176573224903819FFDA3 -- C:\WINDOWS\system32\drivers\rtl8139.sys
[2004/08/03 21:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) MD5=0DBCC071A268E0340A2BA6BDD98BACE4 -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 10:40:48 | 000,043,904 | ---- | M] (Microsoft Corporation) MD5=B244960E5A1DB8E9D5D17086DE37C1E4 -- C:\WINDOWS\system32\drivers\sbp2port.sys
[2008/04/13 10:40:30 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=76C465F570E90C28942D52CCB2580A10 -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 10:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) MD5=8D04819A3CE51B9EB47E5689B44D43C4 -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 02:25:53 | 000,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\WINDOWS\system32\drivers\secdrv.sys
[2001/07/25 15:36:28 | 000,002,619 | ---- | M] (Sensaura Ltd) MD5=BBD0545D7BFB62165815FBD0CB75E28C -- C:\WINDOWS\system32\drivers\sensupgd.sys
[2008/04/13 10:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) MD5=0F29512CCD6BEAD730039FB4BD2C85CE -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 11:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 10:40:47 | 000,011,904 | ---- | M] (Microsoft Corporation) MD5=0FA803C64DF0914B41F807EA276BF2A6 -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 10:40:48 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=D66D22D76878BF3483A6BE30183FB648 -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 10:40:47 | 000,011,008 | ---- | M] (Microsoft Corporation) MD5=C17C331E435ED8737525C86A7557B3AC -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 10:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) MD5=6B33D0EBD30DB32E27D1D78FE946A754 -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 10:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) MD5=866D538EBE33709A5C9F5C62B73B7D14 -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 21:41:40 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 21:41:42 | 000,404,990 | ---- | M] (Smart Link) MD5=2C1779C0FEB1F4A6033600305EBA623A -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 21:41:44 | 000,095,424 | ---- | M] (Smart Link) MD5=F9B8E30E82EE95CF3E1D3E495599B99C -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 21:41:45 | 000,013,240 | ---- | M] (Smart Link) MD5=DB56BB2C55723815CF549D7FC50CFCEB -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 10:36:34 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=895BE38A993B9BD5ABBE570D63D88A2E -- C:\WINDOWS\system32\drivers\smbali.sys
[2001/08/18 04:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) MD5=017DAECF0ED3AA731313433601EC40FA -- C:\WINDOWS\system32\drivers\smclib.sys
[2001/07/25 15:40:30 | 000,438,200 | ---- | M] (Analog Devices, Inc.) MD5=BD3E236281547C681DFC7C947531B726 -- C:\WINDOWS\system32\drivers\smwdm.sys
[2001/07/18 18:58:10 | 000,048,494 | ---- | M] (Conexant Systems) MD5=F270A6CEEEBBAAF8D5633BDA2CA01A60 -- C:\WINDOWS\system32\drivers\soar.sys
[2008/04/13 10:46:07 | 000,025,344 | ---- | M] (Microsoft Corporation) MD5=489703624DAC94ED943C2ABDA022A1CD -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2008/04/13 10:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 10:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys
[2010/08/26 05:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) MD5=0F6AEFAD3641A657E18081F52D0C15AF -- C:\WINDOWS\system32\drivers\srv.sys
[2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) MD5=A36EE93698802CD899F98BFD553D8185 -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2004/12/18 19:32:32 | 000,038,229 | ---- | M] (Generic) MD5=1C9EE2C640B6F899CC3D84BCD1EA526F -- C:\WINDOWS\system32\drivers\StMp3Rec.sys
[2008/04/13 09:45:16 | 000,049,408 | ---- | M] (Microsoft Corporation) MD5=3E5D89099DED9E86E5639F411693218F -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 10:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) MD5=77813007BA6265C4B6098187E6ED79D2 -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 10:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=3941D127AEF12E93ADDF6FE6EE027E0F -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 10:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008/04/13 11:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=8B83F3ED0F1688B4958F77CD6D2BF290 -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 10:40:50 | 000,014,976 | ---- | M] (Microsoft Corporation) MD5=FD6093E3DECD925F1CFFC8A0DD539D72 -- C:\WINDOWS\system32\drivers\tape.sys
[2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) MD5=4D46F63F7DDC2442941D63327C360B90 -- C:\WINDOWS\system32\drivers\tbhsd.sys
[2008/06/20 03:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) MD5=4E53BBCC4BE37D7A4BD6EF1098C89FF7 -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 11:00:05 | 000,019,072 | ---- | M] (Microsoft Corporation) MD5=0539D5E53587F82D1B4FD74C5BE205CF -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 16:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 16:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 16:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) MD5=E0F10A379239B4FAB319C55A9CD6BC96 -- C:\WINDOWS\system32\drivers\tonesnt.sys
[2001/08/18 04:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=699450901C5CCFD82357CBC531CEDD23 -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2001/08/18 04:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) MD5=D74A8EC75305F1D3CFDE7C7FC1BD62A9 -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 10:56:01 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=8F861EDA21C05857EB8197300A92501C -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 10:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) MD5=D85938F272D1BCF3DB3A31FC0A048928 -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 10:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=5787B80C2E3C5E2F56C2A233D91FA2C9 -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 10:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) MD5=402DDC88356B1BAC0EE3DD1580C76A31 -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=BEE793D4A059CAEA55D6AC20E19B3A8F -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 10:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=B6CC50279D6CD28E090A5D33244ADC9A -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2009/03/05 22:59:00 | 000,036,864 | ---- | M] (Apple, Inc.) MD5=026F7F224F088EE11E383BCA448FFF81 -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) MD5=E919708DB44ED8543A7C017953148330 -- C:\WINDOWS\system32\drivers\USBAUDIO.sys
[2008/04/13 10:45:40 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=1C1A47B40C23358245AA8D0443B6935E -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 10:45:41 | 000,025,728 | ---- | M] (Microsoft Corporation) MD5=CE97845D2E3F0D274B8BAC1ED07C6149 -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 10:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) MD5=173F317CE0DB8E21322E71B7E60A27E8 -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2001/08/17 14:03:02 | 000,004,736 | ---- | M] (Microsoft Corporation) MD5=596EB39B50D6EBD9B734DC4AE0544693 -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 10:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=65DCF09D0E37D4C6B11B5B0B76D470A7 -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 10:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) MD5=1AB3CDDE553B6E064D2E754EFE20285C -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 10:45:43 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=290913DC4F1125E5A82DE52579A44C43 -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 10:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) MD5=0DAECCE65366EA32B162F85F07C6753B -- C:\WINDOWS\system32\drivers\usbohci.sys
[2008/04/13 10:45:36 | 000,143,872 | ---- | M] (Microsoft Corporation) MD5=791912E524CC2CC6F50B5F2B52D1EB71 -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 10:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 10:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 10:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 10:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) MD5=26496F9DEE2D787FC3E61AD54821FFE6 -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 10:46:20 | 000,121,984 | ---- | M] (Microsoft Corporation) MD5=63BBFCA7F390F4C49ED4B96BFB1633E0 -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) MD5=177B65899D418F8C8F037B20567A99D6 -- C:\WINDOWS\system32\drivers\v124nt.sys
[2001/11/21 17:09:00 | 000,081,796 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=ACC6028A7C251080C98C39C180355D37 -- C:\WINDOWS\system32\drivers\V4CB0109.SYS
[2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=4372398A6AE42586EB1C6533DD3B575D -- C:\WINDOWS\system32\drivers\V4CB010B.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB010F.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB0111.SYS
[2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=4372398A6AE42586EB1C6533DD3B575D -- C:\WINDOWS\system32\drivers\V4CB0113.SYS
[2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=4372398A6AE42586EB1C6533DD3B575D -- C:\WINDOWS\system32\drivers\V4CB0115.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB0117.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB0119.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB011B.SYS
[2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB011D.SYS
[2001/11/24 13:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=4372398A6AE42586EB1C6533DD3B575D -- C:\WINDOWS\system32\drivers\VC4CB104.SYS
[2001/08/18 04:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) MD5=55E01061C74A8CEFFF58DC36114A8D3F -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 10:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=0D3A8FAFCEACD8B7625CD549757A7DF1 -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 10:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=754292CE5848B3738281B4F3607EAEF4 -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 10:44:40 | 000,081,664 | ---- | M] (Microsoft Corporation) MD5=E28726B72C46821A28830E077D39A55B -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 10:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2008/04/13 10:43:55 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=ACED8C149B30F8496C237BCBA3727B48 -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 21:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) MD5=0308AEF61941E4AF478FA1A0F83812F5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 21:29:39 | 000,011,295 | ---- | M] (Intel(R) Corporation) MD5=714038A8AA5DE08E12062202CD7EAEB5 -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 21:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) MD5=7BB3AA595E4507A788DE1CDC63F4C8C4 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:40 | 000,011,935 | ---- | M] (Intel(R) Corporation) MD5=36E6C405B6143D09687F4056FD9A0D10 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 10:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=E20B95BAEDB550F32DD489265C1DA1F6 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) MD5=0A716C08CB13C3A8F4F51E882DBF7416 -- C:\WINDOWS\system32\drivers\wanatw4.sys
[2004/08/03 21:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) MD5=352FA0E98BC461CE1CE5D41F64DB558D -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) MD5=791CC45DE6E50445BE72E8AD6401FF45 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2006/11/02 06:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) MD5=FD47474BD21794508AF449D9D91AF6E6 -- C:\WINDOWS\system32\drivers\wdf01000.sys
[2006/11/02 06:22:52 | 000,032,224 | ---- | M] (Microsoft Corporation) MD5=DED98A3E466251CCAB93D579144B048C -- C:\WINDOWS\system32\drivers\wdfldr.sys
[2008/04/13 11:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) MD5=6768ACF64B18196494413695F0C3A00F -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2001/08/18 04:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) MD5=CF4DEF1BF66F06964DC0D91844239104 -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2001/08/18 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 10:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) MD5=C98B39829C2BBD34E454150633C62C78 -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) MD5=F15FEAFFFBB3644CCC80C5DA584E6311 -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=28B524262BCE6DE1F7EF9F510BA3985B -- C:\WINDOWS\system32\drivers\WudfRd.sys

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 16:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 16:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 16:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< >

< End of report >

Jack Fischer

2010-12-12, 03:27

I increased the paging file as instructed and RootRepeal still hung while initializing. I let it sit more than an hour and finally got another message saying low on virtual memory. I increased each value by 1000 and tried again and it still hung. Can I make it bigger still?

Thanks!

jack

Jack&Jill

2010-12-13, 17:30

Hello Jack :),

Please hang in there. I would like to seek some second opinions and get back to you soon. Thanks.

For the paging file, please keep to the figures I provided.

Jack Fischer

2010-12-13, 18:27

I'm hanging! :D:

Amazing what mischief malware can cause.

Thanks again for all the help.

Best,

jack

Jack&Jill

2010-12-14, 17:38

Hello Jack :),

How are you connecting to the Internet? By router? May I know the brand and model?

Jack Fischer

2010-12-15, 07:44

Hi Jack and/or Jill.

An easy one. I have a DSL connection and use an Actiontec DSL Gateway modem and a Netgear Range Max wireless modem for the rest of the house. The machine we're working on is connected by wire directly to the modem.

Best,

jack

Jack&Jill

2010-12-15, 10:26

Hello Jack :),

We need to try few things to clarify the source of the redirects your are experiencing.

My understanding of your reply regarding your computer we are working on now is that it uses Actiontec DSL Gateway modem, correct?

Do the other computers experience any redirects through the wireless connection? If not, can you try to connect to the Internet using the wireless modem with this computer?

Another question is do you know how to configure the modems in case we need to reset them to factory default settings?

Jack Fischer

2010-12-15, 19:56

That's correct, an Actiontec DSL Gateway modem.

And this is so interesting. Both my lap top and my son's Mac mini are experiencing redirect problems and they both connect through the wireless modem.

I don't think I can connect the desktop machine we've been working on wirelessly. I think's too old to have a wireless card.

I don't know how to configure the modem, but I bet we can find instructions online. One problem, my wife is a physician who often works on charts from home, so I can't have the Internet access down for long.

Next steps?

jack

Jack&Jill

2010-12-16, 10:58

Hello Jack :),

I think's too old to have a wireless card. An ancient one, no wonder the rootkit scan programs are havings problems running.

One problem, my wife is a physician who often works on charts from home, so I can't have the Internet access down for long. We will work with desktop first. At least you will have the others as backup in case anything happens.

Check router / modem

Open Notepad. Copy and paste the following text into it:

@echo off
>router.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start router.txt
del %0
Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
Double click on router.bat to run it. Allow if prompted by any security software.
Post the contents of router.txt. It is found on your desktop.

--------------------

Please post back:
1. router.txt

Jack Fischer

2010-12-17, 06:19

Here you go:

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-05-5D-37-13-77

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, December 16, 2010 2:02:08 PM

Lease Expires . . . . . . . . . . : Friday, December 17, 2010 2:02:08 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.159.104, 74.125.159.99, 74.125.159.147, 74.125.159.106
74.125.159.105, 74.125.159.103

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 67.195.160.76, 72.30.2.43, 209.191.122.70
69.147.125.65

Pinging google.com [74.125.45.99] with 32 bytes of data:

Reply from 74.125.45.99: bytes=32 time=118ms TTL=48

Reply from 74.125.45.99: bytes=32 time=118ms TTL=48

Ping statistics for 74.125.45.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 118ms, Maximum = 118ms, Average = 118ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=46ms TTL=53

Reply from 98.137.149.56: bytes=32 time=47ms TTL=53

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 47ms, Average = 46ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 05 5d 37 13 77 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
63.241.108.124 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.138.214 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.176.122 255.255.255.255 192.168.1.1 192.168.1.5 20
64.208.176.144 255.255.255.255 192.168.1.1 192.168.1.5 20
66.119.34.43 255.255.255.255 192.168.1.1 192.168.1.5 20
66.150.117.24 255.255.255.255 192.168.1.1 192.168.1.5 20
76.13.219.190 255.255.255.255 192.168.1.1 192.168.1.5 20
94.245.121.179 255.255.255.255 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
174.129.224.140 255.255.255.255 192.168.1.1 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
198.63.194.10 255.255.255.255 192.168.1.1 192.168.1.5 20
198.173.21.18 255.255.255.255 192.168.1.1 192.168.1.5 20
204.12.208.131 255.255.255.255 192.168.1.1 192.168.1.5 20
209.234.225.89 255.255.255.255 192.168.1.1 192.168.1.5 20
216.115.110.119 255.255.255.255 192.168.1.1 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

Jack&Jill

2010-12-18, 17:33

Hello Jack :),

Gather information

Before we reset the modem, you will need to get the DNS (http://www.webopedia.com/TERM/D/DNS.html) server numbers from your Internet Service Provider (ISP).
Alternatively, you can use OpenDNS (https://www.opendns.com/).
They will be used in the configuring the modem after we make a reset.
Please access your modem and browse through the layout and contents.
You may do so by typing 192.168.1.1 into the browser address bar and pressing Enter.
If you do not have access, use the default username and password from here (http://www.routerpasswords.com/index.asp) to access the modem or you can consult the source from which you got the modem from.
Find the DNS settings and take note of the DNS numbers so that we will know if the reset is successful.
The DNS may or may not be bad. Unless they are the same as what your ISP has provided, they should be omitted later.
Please also note that if you have configured the security settings of the modem before, you will need to redo it after the reset.
Exit the configuration interface of the modem.

Reset modem

Please reset the modem by using a pen or paper clip to push a small recessed button at the back of the modem.
Hold it pressed down until the lights of your modem blinks, usually about 10 seconds.
Enter the modem configuration again and go to the DNS settings. Are they the same as previous?
Key in the DNS servers that you acquired from either your ISP or OpenDNS. You will need to save or confirm the change for it to take effect.
Also, please change the password of the modem from the default, and if possible set a new username.
This is to prevent unauthorized access of the modem and hijacking after the reset.

Flush DNS

Go to Start > Run.... Copy and paste the following text into the white box:

cmd /c ipconfig /flushdns
Click OK.

Let me know how it goes.

Jack Fischer

2010-12-19, 08:46

Jack and/or Jill,

Please do not close this thread. I can't work on resetting the modem until Monday.

Thanks!

jack

Jack&Jill

2010-12-20, 09:59

Hello Jack :),

Thanks for informing. I will wait a bit. Understand that sometimes we have other priorities.

Jack Fischer

2010-12-21, 03:01

Okay, I did as requested. I think my ISP dynamically assigns my DNS each time I log on. I did set a new password. I ran the code in the run window. It seemed to execute the command but it did not give back any results.

Next?

Thanks!

jack

Jack&Jill

2010-12-21, 04:45

Hello Jack :),

Good. Please run router.bat again and post back the result.

Check router / modem

Open Notepad. Copy and paste the following text into it:

@echo off
>router.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start router.txt
del %0
Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
Double click on router.bat to run it. Allow if prompted by any security software.
Post the contents of router.txt. It is found on your desktop.

--------------------

Please work the computer and your connection a bit to see if the redirect still occurs, and if yes, where do you get redirected to?

--------------------

Please post back:
1. router.txt
2. any more redirects?

Jack Fischer

2010-12-21, 21:31

Here's the new text from running the router.bat file:

Windows IP Configuration

Host Name . . . . . . . . . . . . : dell

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-05-5D-37-13-77

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Tuesday, December 21, 2010 12:07:38 PM

Lease Expires . . . . . . . . . . : Wednesday, December 22, 2010 12:07:38 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.19.147, 74.125.19.103, 74.125.19.99, 74.125.19.104

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76

Pinging google.com [74.125.224.18] with 32 bytes of data:

Reply from 74.125.224.18: bytes=32 time=51ms TTL=54

Reply from 74.125.224.18: bytes=32 time=48ms TTL=54

Ping statistics for 74.125.224.18:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 51ms, Average = 49ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=49ms TTL=53

Reply from 98.137.149.56: bytes=32 time=47ms TTL=53

Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 49ms, Average = 48ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 05 5d 37 13 77 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
12.129.210.71 255.255.255.255 192.168.1.1 192.168.1.5 20
64.94.126.65 255.255.255.255 192.168.1.1 192.168.1.5 20
64.210.61.213 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.123 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.145 255.255.255.255 192.168.1.1 192.168.1.5 20
65.49.92.235 255.255.255.255 192.168.1.1 192.168.1.5 20
65.55.116.181 255.255.255.255 192.168.1.1 192.168.1.5 20
66.94.245.1 255.255.255.255 192.168.1.1 192.168.1.5 20
66.94.245.254 255.255.255.255 192.168.1.1 192.168.1.5 20
66.114.48.14 255.255.255.255 192.168.1.1 192.168.1.5 20
66.114.48.16 255.255.255.255 192.168.1.1 192.168.1.5 20
66.220.149.11 255.255.255.255 192.168.1.1 192.168.1.5 20
67.195.141.200 255.255.255.255 192.168.1.1 192.168.1.5 20
67.195.141.201 255.255.255.255 192.168.1.1 192.168.1.5 20
68.142.199.25 255.255.255.255 192.168.1.1 192.168.1.5 20
98.137.49.1 255.255.255.255 192.168.1.1 192.168.1.5 20
98.137.51.1 255.255.255.255 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.241.217.186 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.9 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.32 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.35 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.40 255.255.255.255 192.168.1.1 192.168.1.5 20
128.241.218.83 255.255.255.255 192.168.1.1 192.168.1.5 20
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
173.192.198.179 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.128.117 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.139.142 255.255.255.255 192.168.1.1 192.168.1.5 20
174.129.214.149 255.255.255.255 192.168.1.1 192.168.1.5 20
184.72.90.115 255.255.255.255 192.168.1.1 192.168.1.5 20
184.72.146.145 255.255.255.255 192.168.1.1 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
204.2.136.114 255.255.255.255 192.168.1.1 192.168.1.5 20
208.92.238.24 255.255.255.255 192.168.1.1 192.168.1.5 20
208.96.4.68 255.255.255.255 192.168.1.1 192.168.1.5 20
216.223.0.211 255.255.255.255 192.168.1.1 192.168.1.5 20
216.252.120.245 255.255.255.255 192.168.1.1 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

Jack Fischer

2010-12-21, 21:33

Oh and no re-directs yet today, but I haven't been on yet. I had some yesterday after the work with the router. I'll copy the url and let you know as soon at it happens.

Thanks,

jack

Jack&Jill

2010-12-23, 17:46

Hello Jack :),

Please try to use your computer for a few more days and let me know how it goes.

Jack Fischer

2010-12-27, 09:12

No redirects or extra windows opening so far, but the machine hasn't been used much because of he holidays. Let's give it another couple days. Meanwhile, do we need to go back and do something about some of the threats one of the utilities found, or you think that flushing the router fixed them?

Best,

jack

Jack&Jill

2010-12-27, 17:23

Hello Jack :),

Hope you are enjoying the holidays.

do something about some of the threats one of the utilities found You are referring to? Only those files that I asked you to scan at VT are left and will be dealt with later.

Let's give it another couple days. Agreed.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 7.0.7

Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on Different language or operating system? link.
Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
Change the language if you want by clicking on English below the Select a language title.
Press Continue.
Uncheck (untick) Free McAfee Security Scan (optional).
Click the Download now button after selecting the latest version.
Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.

--------------------

Do an online scan with Kaspersky Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1262157100549) to go to Kaspersky Online Scanner page.
Read through the requirements and privacy statement and click on the Accept button.
Download and installation of the scanner and virus definitions will begin. If prompted to install from Kaspersky, please proceed.
When the downloads have finished, click on Settings on the lower left of the window.
Make sure all these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan tab to start scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place as KasperskyScan.txt. Change the Files of type to Text file (.txt) before clicking on the Save button.
Post the contents of that report in your reply.

--------------------

Please post back:
1. any more redirects?
2. Kaspersky online scan result

Jack Fischer

2011-01-02, 08:29

jack/jill

Well, I don't think we've seen any redirect problems or unwanted windows openin on any of the machines. Great job! I never would have guessed the router. What now?

Happy new year.

Best,

jack

Jack&Jill

2011-01-02, 08:56

Hello Jack :),

Happy New Year to you too.

Have you updated Adobe Reader and did a Kaspersky online scan according to my previous instructions? Please post the result from the online scan.

Jack&Jill

2011-01-05, 00:53

Hello Jack :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

We have a few more things to do before we are done.

If I do not get any response within the next 24 hours, this topic will be closed.

Jack Fischer

2011-01-06, 04:02

VERYsorry.:oops::oops: I did not see this email becuse iI wasn't checking regularly over the holidays. I'll run Kaspersky right now and post.

I would like to finish up.

Cheers,

jack

Jack Fischer

2011-01-06, 10:18

Well, not my best report. :red: I installed the new Adobe Reader before reading all of your instructions and did not first uninstall the earlier version. I tried to uninstall it afterward and received an error note and could not uninstall it. The new version DID say is was uninstalling all earlier versions as part of its install, but I found the 7.07 version in the program install/uninstall part of of control panel. Shall I uninstall the new version and start over?

When I tried to run Kaspersky, it spent a long time installing the database and then gave me an error message that said:

"Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]"

Please advise.

Thanks, cheers and Happy New Year,

Jack

Jack&Jill

2011-01-06, 10:43

Hello Jack :),

Shall I uninstall the new version and start over? Yes, please give it a shot. Having the old version means your computer will be vulnerable.

--------------------

We will do the ESET scan.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Rerun OTL

Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post back OTL.txt.

--------------------

Please post back:
1. ESET online scan result
2. OTL.txt
3. any more problems?

Jack Fischer

2011-01-07, 03:08

After I posted my last message I downloaded a fully functional trial version of Kaspersky and ran it on my machine. I needed to uninstall my Avira virus protection to do it, but then it ran fine. Here's the report:

Disinfected (6)
1/6/2011 2:09:48 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.fl c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir High
1/6/2011 2:09:43 PM Disinfected Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\2\72e3a02-3b65c4e5.vir High
1/6/2011 2:09:46 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.ft c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir High
1/6/2011 2:09:43 PM Disinfected Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\48\6eeafe70-562fa418.vir High
1/6/2011 2:09:39 PM Disinfected Trojan program Exploit.Java.Agent.dx c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir High
1/6/2011 2:09:42 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.gi c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir High
Deleted (13)
1/6/2011 2:09:48 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fl c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/AdgredY.class High
1/6/2011 2:09:43 PM Deleted Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\2\72e3a02-3b65c4e5.vir//vmain.class High
1/6/2011 2:09:46 PM Deleted Trojan program Trojan-Downloader.Java.Agent.ft c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/AdgredY.class High
1/6/2011 2:09:45 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fu c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/DyesyasZ.class High
1/6/2011 2:09:47 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fk c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/DyesyasZ.class High
1/6/2011 2:09:43 PM Deleted Trojan program Exploit.Java.Agent.du c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\48\6eeafe70-562fa418.vir//vmain.class High
1/6/2011 2:09:45 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fv c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\29\5363d3dd-36bf6409.vir//dev/s/LoaderX.class High
1/6/2011 2:09:47 PM Deleted Trojan program Trojan-Downloader.Java.Agent.fj c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\26\2fe9a31a-6f441726.vir//dev/s/LoaderX.class High
1/6/2011 2:09:39 PM Deleted Trojan program Exploit.Java.Agent.dx c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir//JavaUpdateApplication.class High
1/6/2011 2:09:42 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gi c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/AdgredY.class High
1/6/2011 2:09:41 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gj c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/DyesyasZ.class High
1/6/2011 2:09:38 PM Deleted Trojan program Exploit.Java.Agent.dy c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\5\232ff0c5-79650f5d.vir//JavaUpdateManager.class High
1/6/2011 2:09:40 PM Deleted Trojan program Trojan-Downloader.Java.Agent.gk c:\qoobox\quarantine\c\documents and settings\joycellen floyd\application data\sun\java\deployment\cache\6.0\56\64916bb8-60247aaa.vir//dev/s/LoaderX.class High

Can I now uninstall kaspersky and reinstall Avira?

I'll try to uninstall the new Adobe reader now and then see if I can uninstall Adobe reader 7.07. And run OTL.

I'll post again in a bit.

jack

Jack Fischer

2011-01-07, 03:41

Here's the OTL text:

OTL logfile created on: 1/6/2011 6:21:54 PM - Run 7
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 637.00 Mb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 3046 3046 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 8.26 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE

========== Modules (SafeList) ==========

MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/06 06:44:26 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 13:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/06 18:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/06 18:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt_2_x [2011/01/06 06:47:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt_3_1_x [2011/01/06 06:47:40 | 000,000,000 | ---D | M]

[2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
[2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/05 22:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
[2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
[2011/01/06 18:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 22:41:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/06 06:49:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/01/06 06:49:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2010/12/06 17:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/06 06:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/01/06 06:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/01/06 06:44:26 | 000,475,736 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/01/06 01:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2011/01/06 01:24:49 | 115,652,856 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Joycellen Floyd\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2011/01/05 22:41:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/05 22:41:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/05 22:41:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/05 22:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/01/05 22:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/01/05 22:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/01/05 22:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/12/21 13:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\Application Data\enchant
[2010/12/21 13:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\AbiSuite
[2010/12/21 13:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\AbiWord
[2010/12/21 13:17:53 | 008,335,349 | ---- | C] (AbiSource Developers) -- C:\Documents and Settings\Joycellen Floyd\Desktop\abiword-setup-2.8.6.exe
[2010/12/15 15:21:13 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 15:20:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/14 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/12/10 20:33:33 | 000,000,000 | ---D | C] -- C:\_OTL
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/06 18:18:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/06 18:18:18 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2011/01/06 18:18:14 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2011/01/06 18:16:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/06 18:16:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/06 18:15:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/06 18:15:58 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/06 17:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/06 09:16:42 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/01/06 09:16:41 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/01/06 07:09:46 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/06 07:09:18 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/01/06 06:44:26 | 000,475,736 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/01/06 01:31:00 | 115,652,856 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Joycellen Floyd\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2011/01/05 22:20:09 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/01/05 22:20:09 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/01/03 21:42:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/28 10:42:36 | 000,010,599 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Extreme Makeover for SJ Art Shift.abw
[2010/12/21 16:17:35 | 000,026,719 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\IMG.jpeg
[2010/12/21 13:18:31 | 008,335,349 | ---- | M] (AbiSource Developers) -- C:\Documents and Settings\Joycellen Floyd\Desktop\abiword-setup-2.8.6.exe
[2010/12/20 17:27:41 | 000,065,560 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\NETGEAR_WNR3500.cfg
[2010/12/16 14:01:51 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 22:31:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/14 22:38:39 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/10 20:46:24 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RootRepeal.zip
[2010/12/09 12:19:22 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\99hjeu7t.exe
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 06:48:56 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/01/06 06:48:56 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/01/05 22:20:09 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/01/05 22:20:09 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/28 10:42:36 | 000,010,599 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Extreme Makeover for SJ Art Shift.abw
[2010/12/21 16:17:33 | 000,026,719 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\IMG.jpeg
[2010/12/20 17:27:41 | 000,065,560 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\NETGEAR_WNR3500.cfg
[2010/12/11 14:04:02 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/10 20:46:22 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RootRepeal.zip
[2010/12/09 12:19:21 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\99hjeu7t.exe
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
[2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
[2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
[2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
[2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
[2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
[2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
[2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2010/12/21 13:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\enchant
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========

< End of report >

Do you still want to run ESET?

jack