
Thread: Redirect Problems San Jose CA

  1. #51
    Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello Jack ,

    I need you to upload a few suspicious files to VirusTotal (VT) for an online scan.
    • Click on the Browse button or the white box beside it. A File Upload prompt will open.
    • Copy and paste the following file and its path to upload:
      Code:
      C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
    • Press Open, then Send file. The file will be uploaded for testing.
    • If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
    • Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
    • Repeat for
      Code:
      C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
      C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
    • Post the results in your next response.


    Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti or VirScan (VS) with similar steps.

    A result from either one of the above scanners would be sufficient.

    --------------------

    Check some files with OTL
    • Double click on OTL.exe to run it.
    • Make sure all the None options are checked (ticked). There are eight of them.
    • Copy and paste the following into the white box under Custom Scans/Fixes:
      Code:
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav 
      %systemroot%\system32\drivers\*.sys /md5
      %systemroot%\system32\user32.dll /md5
      %systemroot%\system32\ws2_32.dll /md5
      %systemroot%\system32\ws2help.dll /md5
      
      DRIVERS32
      NETSVCS
    • Click on Run Scan at the top left hand corner. This might take a while.
    • When done, the OTL.txt file will open. Please post back the contents of this log.


    --------------------

    Increase paging file
    • Go to Start, then right click on My Computer. Select Properties. You can also do the same via the My Computer icon on the desktop.
    • Click on the Advanced tab, then Settings under the Performance section.
    • Go to the Advanced tab in this new window. Click Change under the Virtual Memory section.
    • Select Custom size, then in the two white boxes, key in 2046 into both and press Set. You will be prompted, click Yes. OK your way out and restart your computer if requested.


    --------------------

    Now, try RootRepeal again.

    --------------------

    Please post back:
    1. VT / Jotti / VirScan results
    2. OTL log
    3. RootRepeal log

  2. #52
    Member (Join Date: May 2010, Posts: 54)

    Redirect Problems in San Jose, CA

    Here are the VirusTotal results for the first file:

    Antivirus Version Last Update Result
    AhnLab-V3 2010.12.11.00 2010.12.10 -
    AntiVir 7.10.14.255 2010.12.10 -
    Antiy-AVL 2.0.3.7 2010.12.11 -
    Avast 4.8.1351.0 2010.12.11 -
    Avast5 5.0.677.0 2010.12.11 -
    AVG 9.0.0.851 2010.12.11 -
    BitDefender 7.2 2010.12.11 -
    CAT-QuickHeal 11.00 2010.12.11 -
    ClamAV 0.96.4.0 2010.12.11 -
    Command 5.2.11.5 2010.12.11 -
    Comodo 7024 2010.12.11 -
    DrWeb 5.0.2.03300 2010.12.11 -
    Emsisoft 5.1.0.1 2010.12.11 -
    eSafe 7.0.17.0 2010.12.09 -
    eTrust-Vet 36.1.8034 2010.12.10 -
    F-Prot 4.6.2.117 2010.12.11 -
    F-Secure 9.0.16160.0 2010.12.11 -
    Fortinet 4.2.254.0 2010.12.11 -
    GData 21 2010.12.11 -
    Ikarus T3.1.1.90.0 2010.12.11 -
    Jiangmin 13.0.900 2010.12.11 -
    K7AntiVirus 9.72.3219 2010.12.11 -
    Kaspersky 7.0.0.125 2010.12.11 -
    McAfee 5.400.0.1158 2010.12.11 -
    McAfee-GW-Edition 2010.1C 2010.12.11 -
    Microsoft 1.6402 2010.12.11 -
    NOD32 5694 2010.12.11 -
    Norman 6.06.12 2010.12.11 -
    nProtect 2010-12-11.01 2010.12.11 -
    Panda 10.0.2.7 2010.12.11 -
    PCTools 7.0.3.5 2010.12.11 -
    Prevx 3.0 2010.12.11 -
    Rising 22.77.04.00 2010.12.11 -
    Sophos 4.60.0 2010.12.11 -
    SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
    Symantec 20101.3.0.103 2010.12.11 -
    TheHacker 6.7.0.1.098 2010.12.11 -
    TrendMicro 9.120.0.1004 2010.12.11 -
    TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
    VBA32 3.12.14.2 2010.12.10 -
    VIPRE 7604 2010.12.11 -
    ViRobot 2010.12.11.4196 2010.12.11 -
    VirusBuster 13.6.87.0 2010.12.11 -
    Additional information
    MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
    SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
    SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
    ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
    File size : 1852800 bytes
    First seen: 2010-10-12 22:43:51
    Last seen : 2010-12-11 17:52:21
    TrID:
    Win64 Executable Generic (87.2%)
    Win32 Executable Generic (8.6%)
    Generic Win/DOS Executable (2.0%)
    DOS Executable Generic (2.0%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: Multi-User Win32 Driver
    original name: win32k.sys
    internal name: win32k.sys
    file version.: 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1B17FF
    timedatestamp....: 0x4C7D06CE (Tue Aug 31 13:42:38 2010)
    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x380, 0x18DF47, 0x18DF80, 6.69, 44243a92680b42ff45ef5afb01ba27ff
    .rdata, 0x18E300, 0xD084, 0xD100, 5.73, 5a5726cd99359db369567680e5ebdc8f
    .data, 0x19B400, 0x1288C, 0x12900, 3.94, ffebf30ef46600abf749eafc9a376263
    .kbdfall, 0x1ADD00, 0x63C, 0x680, 4.64, 3ba03356e2c3385ed25cd6aba303d5bd
    .edata, 0x1AE380, 0x1AE3, 0x1B00, 5.97, 7e381ca9f55e372016eaa11cb35d5256
    INIT, 0x1AFE80, 0x5796, 0x5800, 6.68, b8c890761499e7a7e3273093ba472da5
    .rsrc, 0x1B5680, 0x2218, 0x2280, 3.51, 4436beb01e46fe54a982e7a7702f6c2b
    .reloc, 0x1B7900, 0xCC74, 0xCC80, 6.76, 6aa4fe9da87ae7f682011a02b19ed39f

    [[ 4 import(s) ]]
    Dxapi.sys: _DxApiGetVersion@0
    HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KeQueryPerformanceCounter
    ntoskrnl.exe: PsSetProcessWin32Process, PsGetProcessWin32Process, ExAcquireFastMutexUnsafe, KeEnterCriticalRegion, PsGetCurrentProcessId, PsSetThreadWin32Thread, KeTickCount, ExReleaseFastMutexUnsafe, KeLeaveCriticalRegion, ObfDereferenceObject, ObfReferenceObject, RtlNtStatusToDosError, strchr, strncpy, KeAreApcsDisabled, ExAllocatePoolWithTagPriority, RtlRandom, MmIsVerifierEnabled, PsGetCurrentThread, KeBugCheckEx, PsGetCurrentProcess, ProbeForWrite, _except_handler3, ExRaiseAccessViolation, SeReleaseSecurityDescriptor, SeCaptureSecurityDescriptor, RtlInitUnicodeString, swprintf, _wcsicmp, ExRaiseDatatypeMisalignment, ObReferenceObjectByHandle, ExAcquireResourceExclusiveLite, PsGetProcessSessionId, PsProcessType, ExReleaseResourceLite, ObCloseHandle, ExRaiseStatus, InterlockedExchange, RtlAreAnyAccessesGranted, memmove, PsGetJobUIRestrictionsClass, PsGetJobLock, PsJobType, wcsncpy, RtlIntegerToUnicode, RtlIntegerToUnicodeString, PsGetThreadId, PsGetThreadProcessId, PsDereferenceImpersonationToken, PsDereferencePrimaryToken, SeTokenType, SeCreateClientSecurity, wcslen, ObOpenObjectByPointer, ExDesktopObjectType, RtlCopyUnicodeString, KeInitializeEvent, ExFreePoolWithTag, ExInitializeResourceLite, ExAllocatePoolWithTag, ZwCreateDirectoryObject, RtlUnicodeStringToInteger, wcschr, wcsstr, MmMapViewOfSection, MmCreateSection, MmMapViewInSessionSpace, MmUnmapViewInSessionSpace, RtlAllocateHeap, ZwSetSystemInformation, NlsMbCodePageTag, NlsAnsiCodePage, PsGetThreadProcess, PsIsSystemThread, PsGetProcessJob, wcscpy, RtlGetNtGlobalFlags, RtlCheckRegistryKey, ExWindowStationObjectType, PsGetCurrentProcessSessionId, PsGetProcessWin32WindowStation, RtlCompareUnicodeString, ZwQueryDefaultLocale, PsGetProcessPeb, InterlockedPopEntrySList, InterlockedPushEntrySList, PsGetProcessCreateTimeQuadPart, KeQuerySystemTime, KeClearEvent, RtlFreeHeap, PsLookupProcessByProcessId, PsGetThreadSessionId, PsLookupThreadByThreadId, ExDeletePagedLookasideList, 
ExIsResourceAcquiredExclusiveLite, ExInitializePagedLookasideList, KeWaitForMultipleObjects, KeWaitForSingleObject, _allmul, KeSetEvent, PsIsThreadTerminating, ZwClose, ExEventObjectType, ZwCreateEvent, ObReferenceObjectByPointer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, PsGetProcessImageFileName, PsThreadType, SeQueryAuthenticationIdToken, PsReferencePrimaryToken, PsGetProcessInheritedFromUniqueProcessId, PsSetProcessWindowStation, RtlInitializeBitMap, PsGetProcessId, PsGetProcessExitStatus, PsGetProcessExitProcessCalled, ZwQueryInformationProcess, KeSetKernelStackSwapEnable, SeTokenIsWriteRestricted, PsGetProcessSectionBaseAddress, ZwTerminateProcess, ExRaiseHardError, RtlWalkFrameChain, ExAllocatePoolWithQuotaTag, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, ZwQueryValueKey, ZwOpenKey, RtlDestroyHeap, _wcsnicmp, wcscat, KeDelayExecutionThread, InterlockedDecrement, NtQueryInformationProcess, RtlDestroyAtomTable, ExDeleteResourceLite, KeCancelTimer, KeRemoveSystemServiceTable, KeQueryInterruptTime, MmPageEntireDriver, MmUserProbeAddress, PsEstablishWin32Callouts, KeAddSystemServiceTable, ZwQueryDefaultUILanguage, ZwSetDefaultUILanguage, ZwSetDefaultLocale, ExIsResourceAcquiredSharedLite, ExAcquireResourceSharedLite, RtlQueryRegistryValues, ZwPowerInformation, KeResetEvent, ZwDeviceIoControlFile, IoGetRelatedDeviceObject, KeInitializeTimerEx, PsGetCurrentThreadId, InitSafeBootMode, RtlAreAllAccessesGranted, SeDeleteAccessState, ObCheckObjectAccess, SeCreateAccessState, SeReleaseSubjectContext, SeUnlockSubjectContext, SePrivilegeObjectAuditAlarm, SePrivilegeCheck, SeLockSubjectContext, SeCaptureSubjectContext, RtlCopySid, RtlLengthSid, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlCreateSecurityDescriptor, SeExports, ZwFreeVirtualMemory, ZwAllocateVirtualMemory, ZwQueryInformationToken, RtlEqualUnicodeString, ZwSetInformationObject, ZwQueryObject, 
ObCreateObject, KeUnstackDetachProcess, KeStackAttachProcess, ZwDuplicateObject, ObFindHandleForObject, RtlClearBits, RtlSetBits, ZwSetSecurityObject, RtlInitializeSid, RtlSubAuthoritySid, RtlLengthRequiredSid, RtlMapGenericMask, ObReleaseObjectSecurity, ObAssignSecurity, ObGetObjectSecurity, ObCheckCreateObjectAccess, MmUnmapViewOfSection, ObOpenObjectByName, PsGetThreadTeb, KeDetachProcess, KeAttachProcess, RtlAppendUnicodeStringToString, RtlAppendUnicodeToString, KePulseEvent, ObQueryNameString, ZwOpenEvent, ZwSetInformationThread, RtlPinAtomInAtomTable, RtlAddAtomToAtomTable, RtlCreateAtomTable, ExReleaseRundownProtection, LpcRequestWaitReplyPort, SeDeassignSecurity, ObSetSecurityDescriptorInfo, SeAssignSecurity, ObInsertObject, ZwOpenDirectoryObject, ExAcquireRundownProtection, ZwOpenProcessTokenEx, ZwOpenThreadTokenEx, PsReferenceImpersonationToken, SeQueryInformationToken, SeTokenIsRestricted, PsCreateSystemThread, ObSetHandleAttributes, PsGetProcessDebugPort, ZwYieldExecution, RtlIntegerToChar, RtlUnicodeStringToAnsiString, PsSetProcessPriorityByClass, PsSetProcessPriorityClass, PsGetProcessPriorityClass, KeSetPriorityThread, RtlUnicodeToMultiByteN, SeImpersonateClientEx, MmAdjustWorkingSetSize, KeSetTimer, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, ZwQueryKey, ZwEnumerateValueKey, ZwSetValueKey, RtlMultiByteToUnicodeN, RtlFindMessage, wcsrchr, RtlEqualString, strrchr, ExGetSharedWaiterCount, ExGetExclusiveWaiterCount, IoQueryDeviceDescription, ExRundownCompleted, ExWaitForRundownProtectionRelease, ZwSetEvent, PoSetSystemState, PoRequestShutdownEvent, KeInitializeTimer, NlsOemCodePage, RtlLookupAtomInAtomTable, RtlDeleteAtomFromAtomTable, RtlQueryAtomInAtomTable, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, PsGetThreadFreezeCount, InterlockedIncrement, RtlUnicodeToMultiByteSize, RtlMultiByteToUnicodeSize, KeUserModeCallback, MmSystemRangeStart, IoFileObjectType, ZwOpenFile, IofCallDriver, IoBuildSynchronousFsdRequest, 
IoBuildDeviceIoControlRequest, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoGetStackLimits, MmCommitSessionMappedView, RtlCreateHeap, IoUnregisterPlugPlayNotification, IoWMIQuerySingleInstance, IoWMIHandleToInstanceName, IoWMIOpenBlock, ZwCreateFile, ZwCancelIoFile, wcsncmp, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, ZwReadFile, ObReferenceObjectByName, IoDriverObjectType, IoCreateDriver, IoPnPDeliverServicePowerNotification, IoInvalidateDeviceRelations, LpcRequestPort, KeIsAttachedProcess, RtlEmptyAtomTable, RtlZeroHeap, _alldiv, _allshr, vsprintf, MmSecureVirtualMemory, KeRestoreFloatingPointState, KeSaveFloatingPointState, ZwQuerySystemInformation, ExSystemTimeToLocalTime, InterlockedCompareExchange, MmUnsecureVirtualMemory, RtlInsertElementGenericTableAvl, RtlDeleteElementGenericTableAvl, RtlLookupElementGenericTableAvl, KeInitializeDpc, ExIsProcessorFeaturePresent, RtlFillMemoryUlong, RtlTimeToTimeFields, MmGrowKernelStack, PsGetCurrentThreadStackBase, ExSystemExceptionFilter, KeReadStateEvent, ZwQueryInformationFile, LdrAccessResource, LdrFindResource_U, RtlUnicodeToCustomCPN, RtlCustomCPToUnicodeN, RtlInitCodePageTable, RtlGetDefaultCodePage, ZwDeleteFile, LdrFindResourceDirectory_U, RtlEqualSid, MmHighestUserAddress, PsRevertToSelf, RtlUnicodeToOemN, ZwCreateKey, RtlFreeAnsiString, RtlImageNtHeader, RtlImageDirectoryEntryToData, _strnicmp, PsSetThreadHardErrorsAreDisabled, PsGetThreadHardErrorsAreDisabled, strncmp, toupper, RtlWriteRegistryValue, ZwEnumerateKey, IoOpenDeviceRegistryKey, wcscmp, IoGetDeviceProperty, ZwDeleteKey, IoOpenDeviceInterfaceRegistryKey, IoGetDeviceInterfaces, IoSynchronousInvalidateDeviceRelations, IoCreateFile, MmSectionObjectType, ZwSetInformationFile, ZwQueryVolumeInformationFile, IoSetThreadHardErrorMode, _alldvrm, _aulldiv, PsGetCurrentThreadPreviousMode, RtlCompareMemory, RtlCreateRegistryKey, MmQuerySystemSize, RtlEnumerateGenericTableAvl, RtlInitializeGenericTableAvl, PsTerminateSystemThread, 
RtlUpcaseUnicodeString, RtlExtendedLargeIntegerDivide, _aulldvrm, IoQueueThreadIrp, IoBuildAsynchronousFsdRequest, qsort, MmAddVerifierThunks, PsGetThreadWin32Thread
    watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection

    [[ 225 export(s) ]]
    BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, 
EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngReadStateEvent, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, 
STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2


  3. #53
    Member (Join Date: May 2010, Posts: 54)

    Redirect Problems in San Jose, CA

    Second VirusTotal result:

    File name: win32k.sys
    Submission date: 2010-12-11 17:58:44 (UTC)
    Current status: finished
    Result: 0/43 (0.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.12.11.00 2010.12.10 -
    AntiVir 7.10.14.255 2010.12.10 -
    Antiy-AVL 2.0.3.7 2010.12.11 -
    Avast 4.8.1351.0 2010.12.11 -
    Avast5 5.0.677.0 2010.12.11 -
    AVG 9.0.0.851 2010.12.11 -
    BitDefender 7.2 2010.12.11 -
    CAT-QuickHeal 11.00 2010.12.11 -
    ClamAV 0.96.4.0 2010.12.11 -
    Command 5.2.11.5 2010.12.11 -
    Comodo 7024 2010.12.11 -
    DrWeb 5.0.2.03300 2010.12.11 -
    Emsisoft 5.1.0.1 2010.12.11 -
    eSafe 7.0.17.0 2010.12.09 -
    eTrust-Vet 36.1.8034 2010.12.10 -
    F-Prot 4.6.2.117 2010.12.11 -
    F-Secure 9.0.16160.0 2010.12.11 -
    Fortinet 4.2.254.0 2010.12.11 -
    GData 21 2010.12.11 -
    Ikarus T3.1.1.90.0 2010.12.11 -
    Jiangmin 13.0.900 2010.12.11 -
    K7AntiVirus 9.72.3219 2010.12.11 -
    Kaspersky 7.0.0.125 2010.12.11 -
    McAfee 5.400.0.1158 2010.12.11 -
    McAfee-GW-Edition 2010.1C 2010.12.11 -
    Microsoft 1.6402 2010.12.11 -
    NOD32 5694 2010.12.11 -
    Norman 6.06.12 2010.12.11 -
    nProtect 2010-12-11.01 2010.12.11 -
    Panda 10.0.2.7 2010.12.11 -
    PCTools 7.0.3.5 2010.12.11 -
    Prevx 3.0 2010.12.11 -
    Rising 22.77.04.00 2010.12.11 -
    Sophos 4.60.0 2010.12.11 -
    SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
    Symantec 20101.3.0.103 2010.12.11 -
    TheHacker 6.7.0.1.098 2010.12.11 -
    TrendMicro 9.120.0.1004 2010.12.11 -
    TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
    VBA32 3.12.14.2 2010.12.10 -
    VIPRE 7604 2010.12.11 -
    ViRobot 2010.12.11.4196 2010.12.11 -
    VirusBuster 13.6.87.0 2010.12.11 -
    Additional information
    MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
    SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
    SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
    ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
    File size : 1852800 bytes
    First seen: 2010-10-12 22:43:51
    Last seen : 2010-12-11 17:58:44


  4. #54
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    Third file from VirusTotal. This one appears to have one hit.

    Antivirus Version Last Update Result
    AhnLab-V3 2010.12.11.00 2010.12.10 -
    AntiVir 7.10.14.255 2010.12.10 -
    Antiy-AVL 2.0.3.7 2010.12.11 -
    Avast 4.8.1351.0 2010.12.11 -
    Avast5 5.0.677.0 2010.12.11 -
    AVG 9.0.0.851 2010.12.11 -
    BitDefender 7.2 2010.12.11 -
    CAT-QuickHeal 11.00 2010.12.11 -
    ClamAV 0.96.4.0 2010.12.11 -
    Command 5.2.11.5 2010.12.11 -
    Comodo 7024 2010.12.11 -
    DrWeb 5.0.2.03300 2010.12.11 -
    Emsisoft 5.1.0.1 2010.12.11 -
    eSafe 7.0.17.0 2010.12.09 -
    eTrust-Vet 36.1.8034 2010.12.10 -
    F-Prot 4.6.2.117 2010.12.11 -
    F-Secure 9.0.16160.0 2010.12.11 -
    Fortinet 4.2.254.0 2010.12.11 -
    GData 21 2010.12.11 -
    Ikarus T3.1.1.90.0 2010.12.11 -
    Jiangmin 13.0.900 2010.12.11 -
    K7AntiVirus 9.72.3219 2010.12.11 -
    Kaspersky 7.0.0.125 2010.12.11 -
    McAfee 5.400.0.1158 2010.12.11 -
    McAfee-GW-Edition 2010.1C 2010.12.11 -
    Microsoft 1.6402 2010.12.11 -
    NOD32 5694 2010.12.11 -
    Norman 6.06.12 2010.12.11 -
    nProtect 2010-12-11.01 2010.12.11 -
    Panda 10.0.2.7 2010.12.11 -
    PCTools 7.0.3.5 2010.12.11 -
    Prevx 3.0 2010.12.11 -
    Rising 22.77.04.00 2010.12.11 -
    Sophos 4.60.0 2010.12.11 -
    SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
    Symantec 20101.3.0.103 2010.12.11 -
    TheHacker 6.7.0.1.098 2010.12.11 Trojan/Downloader.Zlob.bpbl
    TrendMicro 9.120.0.1004 2010.12.11 -
    TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
    VBA32 3.12.14.2 2010.12.10 -
    VIPRE 7604 2010.12.11 -
    ViRobot 2010.12.11.4196 2010.12.11 -
    VirusBuster 13.6.87.0 2010.12.11 -
    Additional information
    MD5 : b3fdf6e7b0aecd48ca7e4921773fb606
    SHA1 : 55283ad59439134673fc32fc097bdd9ae920fbc6
    SHA256: 1e2f2a8fb52d3972b9b65b8ad1bebb66965c47a2994f89b3d652c31e6f6e4c3c
    ssdeep: 24576:c7Rz+6GVlkicMgH6I7kuF7Xc+qaM9oXDEmHbGrXjk5rOTm:E+6cY75ZLqaMsDp6ro6m
    File size : 1110476 bytes
    First seen: 2010-11-18 20:01:31
    Last seen : 2010-12-11 18:17:07
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    packers (F-Prot): NSIS, Unicode, UTF-8
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x323C
    timedatestamp....: 0x4B1AE3C6 (Sat Dec 05 22:50:46 2009)
    machinetype......: 0x14c (I386)

    [[ 5 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x5A5A, 0x5C00, 6.42, 0bc2ffd32265a08d72b795b18265828d
    .rdata, 0x7000, 0x1190, 0x1200, 5.18, f179218a059068529bdb4637ef5fa28e
    .data, 0x9000, 0x1AF98, 0x400, 4.71, 975304d6dd6c4a4f076b15511e2bbbc0
    .ndata, 0x24000, 0x9000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
    .rsrc, 0x2D000, 0x4118, 0x4200, 5.85, 77483af972a8e757d8ba96b88dc0c038

    [[ 8 import(s) ]]
    KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
    USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
    GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
    SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
    ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
    COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
    ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
    VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
    ExifTool:
    file metadata
    CodeSize: 23552
    EntryPoint: 0x323c
    FileSize: 1084 kB
    FileType: Win32 EXE
    ImageVersion: 6.0
    InitializedDataSize: 119808
    LinkerVersion: 6.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    PEType: PE32
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2009:12:05 23:50:46+01:00
    UninitializedDataSize: 1024

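
    An added example, not code from this thread and not VirusTotal's own tooling: a plain-Python reproduction of the file-hash line and the per-section "viradd, virsiz, rawdsiz, ntropy, md5" columns of the PEInfo block in the report above, so the same numbers can be checked locally before anything is uploaded. It runs on a constructed minimal PE32 image built in memory rather than on the file from the report; the section names, section flags and timestamp in the sample are assumptions. One detail of the report worth understanding is the .ndata row: rawdsiz 0x0, entropy 0.00 and MD5 d41d8cd98f00b204e9800998ecf8427e, which is the MD5 of zero bytes. That is what an uninitialized section looks like (it occupies memory but no bytes in the file), and the example handles that case explicitly instead of hashing whatever happens to sit at PointerToRawData.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in counts if c)
    return h if h > 0 else 0.0


def analyze_pe(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    hash/measure each section's raw (on-disk) bytes, like VT's PEInfo block."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    entry = struct.unpack_from("<I", image, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        # SizeOfRawData == 0 means the section exists only in memory (.bss-style):
        # nothing on disk to hash, so MD5 is the MD5 of b"" and entropy is 0.00.
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "viradd": vaddr,
            "virsiz": vsize,
            "rawdsiz": rawsize,
            "ntropy": round(shannon_entropy(raw), 2),
            "md5": hashlib.md5(raw).hexdigest(),
        })
    return {
        "md5": hashlib.md5(image).hexdigest(),
        "sha1": hashlib.sha1(image).hexdigest(),
        "sha256": hashlib.sha256(image).hexdigest(),
        "machinetype": machine,
        "entrypoint": entry,
        "timedatestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed sample (not a file from the thread): a minimal PE32 image with
    three sections chosen to exercise the interesting cases. Flags/timestamp are
    assumed values, not taken from any real binary."""
    text_raw = bytes(range(256))   # every byte value once -> entropy 8.00
    data_raw = bytes(512)          # all zeros -> entropy 0.00
    opt_size = 0x60
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0x4B1AE3C6, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint

    def sect(name, vsize, vaddr, rawsize, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr,
                           0, 0, 0, 0, flags)

    table = (sect(b".text", 0x1000, 0x1000, len(text_raw), 0x200, 0x60000020)
             + sect(b".data", 0x1000, 0x2000, len(data_raw), 0x400, 0xC0000040)
             + sect(b".ndata", 0x9000, 0x3000, 0, 0, 0xC0000080))  # uninitialized
    image = bytearray(0x600)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    image[:len(header)] = header
    image[0x200:0x200 + len(text_raw)] = text_raw
    image[0x400:0x400 + len(data_raw)] = data_raw
    return bytes(image)


if __name__ == "__main__":
    r = analyze_pe(build_sample_pe())
    print(f"md5: {r['md5']}  sha256: {r['sha256']}")
    print(f"entrypointaddress: {r['entrypoint']:#x}  timedatestamp: {r['timedatestamp']}")
    print("name, viradd, virsiz, rawdsiz, ntropy, md5")
    for s in r["sections"]:
        print(f"{s['name']}, {s['viradd']:#x}, {s['virsiz']:#x}, {s['rawdsiz']:#x}, "
              f"{s['ntropy']:.2f}, {s['md5']}")
```

    Run it against a real file by passing `open(path, "rb").read()` to `analyze_pe`. The practical point for a report like the one above: a single engine returning a generic family name on an unsigned, NSIS-packed installer is weak evidence either way, so the hashes are what to look up or rescan, and the per-section entropy and MD5 values are what to compare against a copy of the same installer obtained from the vendor.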

  5. #55
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    And, finally, here is the OTL log:

    OTL logfile created on: 12/11/2010 10:22:47 AM - Run 6
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 40.00% Memory free
    926.00 Mb Paging File | 469.00 Mb Available in Paging File | 51.00% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 11.60 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
    Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/29 17:27:57 | 000,006,148 | -H-- | M] () -- C:\.DS_Store
    [2010/05/29 12:33:36 | 000,058,684 | ---- | M] () -- C:\aaw7boot.log
    [2006/07/25 21:27:32 | 000,003,143 | ---- | M] () -- C:\acttmp.dat
    [2005/12/15 21:58:19 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2005/12/15 21:58:19 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/05/24 20:39:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/01 21:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/06 18:02:47 | 000,013,833 | ---- | M] () -- C:\ComboFix.txt
    [2004/01/05 19:34:24 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
    [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/08/23 21:14:21 | 000,016,922 | ---- | M] () -- C:\drwtsn32.log
    [2005/01/23 22:54:51 | 000,024,576 | ---- | M] () -- C:\Experimental Matrix.doc
    [2008/02/18 18:21:28 | 000,084,526 | ---- | M] () -- C:\fort_sdc-1.jpg
    [2004/09/02 22:08:52 | 000,022,016 | ---- | M] () -- C:\Gary Garrels.doc
    [2010/12/11 08:47:21 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
    [2008/12/13 17:15:23 | 001,427,740 | ---- | M] () -- C:\hpfr5550.log
    [2008/12/13 17:15:23 | 000,000,550 | ---- | M] () -- C:\hpfr5550.xml
    [2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2004/06/25 21:47:18 | 000,033,436 | ---- | M] () -- C:\iTrip.xml
    [2007/01/28 14:28:03 | 000,024,064 | ---- | M] () -- C:\Joe Science Project.doc
    [2004/09/02 10:37:28 | 000,028,672 | ---- | M] () -- C:\Madeleine Grynsztejn.doc
    [2007/01/28 18:34:11 | 000,031,744 | ---- | M] () -- C:\Media paper.doc
    [2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/01/15 15:19:36 | 000,000,389 | ---- | M] () -- C:\My Documents.lnk
    [2005/08/23 07:25:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/16 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2007/01/21 15:47:40 | 000,020,480 | ---- | M] () -- C:\parking permit ticket review.doc
    [2004/09/02 22:08:34 | 000,031,744 | ---- | M] () -- C:\Philippe de Montebello kimmelman profile.doc
    [2006/01/20 19:26:30 | 000,001,754 | ---- | M] () -- C:\photodex-presenter-install.log
    [2006/06/23 13:24:19 | 000,184,320 | ---- | M] () -- C:\PlayerHost.dll
    [2006/01/01 22:07:42 | 000,001,419 | ---- | M] () -- C:\smitfiles.txt
    [2007/10/27 11:59:06 | 000,005,092 | ---- | M] () -- C:\st leo lion_alumni gif.gif
    [2007/10/27 19:18:11 | 000,035,560 | ---- | M] () -- C:\st leo logo edited.jpg
    [2007/10/27 13:08:41 | 000,030,861 | ---- | M] () -- C:\st leo logo.jpg
    [2010/07/09 22:26:19 | 000,066,048 | ---- | M] () -- C:\Zinsser Tips.doc
    [2007/01/27 16:25:22 | 000,000,162 | -H-- | M] () -- C:\~$e Science Project.doc

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/01/04 13:58:17 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/01/04 13:58:17 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/01/04 13:58:17 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /md5 >
    [2008/04/13 10:46:18 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=C1536905AD2067812A238BCE998F4BFF -- C:\WINDOWS\system32\drivers\1394bus.sys
    [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\drivers\ac97intc.sys
    [2008/04/13 10:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
    [2001/08/18 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\drivers\acpiec.sys
    [2008/04/13 08:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
    [2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys
    [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2008/04/13 10:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) MD5=03A7E0922ACFE1B07D5DB2EEB0773063 -- C:\WINDOWS\system32\drivers\agpcpq.sys
    [2008/04/13 10:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=CB08AED0DE2DD889A8A820CD8082D83C -- C:\WINDOWS\system32\drivers\alim1541.sys
    [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) MD5=95B4FB835E28AA1336CEEB07FD5B9398 -- C:\WINDOWS\system32\drivers\amdagp.sys
    [2008/04/13 10:31:32 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=D7701D7E72243286CC88C9973D891057 -- C:\WINDOWS\system32\drivers\amdk6.sys
    [2008/04/13 10:31:33 | 000,037,760 | ---- | M] (Microsoft Corporation) MD5=8FCE268CDBDD83B23419D1F35F42C7B1 -- C:\WINDOWS\system32\drivers\amdk7.sys
    [2001/07/25 17:56:48 | 000,167,309 | ---- | M] (Conexant Systems) MD5=76C432D458995DCBF17F7AED9766F9E6 -- C:\WINDOWS\system32\drivers\amosnt.sys
    [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) MD5=DB3241F2573E1FB9837AE561FA4622DF -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys
    [2008/04/13 10:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=B5B8A80875C1DEDEDA8B02765642C32F -- C:\WINDOWS\system32\drivers\arp1394.sys
    [2004/01/04 23:46:43 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) MD5=D880831279ED91F9A4190A2DB9539EA9 -- C:\WINDOWS\system32\drivers\asctrm.sys
    [2008/04/13 10:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
    [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 21:29:29 | 000,056,623 | ---- | M] (ATI Technologies Inc.) MD5=D649C57DA6FA762C64013747E5D7D2D6 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
    [2004/08/03 21:29:29 | 000,011,615 | ---- | M] (ATI Technologies Inc.) MD5=60B6AA2DC1521DA343F781B70EB7895A -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
    [2004/08/03 21:29:29 | 000,012,047 | ---- | M] (ATI Technologies Inc.) MD5=6FDC61E8E8E17F6ECC2D9A10FA8DF347 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
    [2004/08/03 21:29:30 | 000,030,671 | ---- | M] (ATI Technologies Inc.) MD5=9D318099BF3876A4AF4BC75966D27603 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
    [2004/08/03 21:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
    [2004/08/03 21:29:31 | 000,026,367 | ---- | M] (ATI Technologies Inc.) MD5=DAC7D785CF62F5BD41441E9D6F5A6EFE -- C:\WINDOWS\system32\drivers\ati1snxx.sys
    [2004/08/03 21:29:31 | 000,021,343 | ---- | M] (ATI Technologies Inc.) MD5=F7706DAE7D101F1B19CE552D772EBFCE -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
    [2004/08/03 21:29:31 | 000,036,463 | ---- | M] (ATI Technologies Inc.) MD5=6F714B4720DD80FFA9F8D2731594EA4C -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
    [2004/08/03 21:29:31 | 000,029,455 | ---- | M] (ATI Technologies Inc.) MD5=67FFBC158DD4D27BA3FC92C6ACD87F73 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
    [2004/08/03 21:29:31 | 000,034,735 | ---- | M] (ATI Technologies Inc.) MD5=0D8CAB1F08F7D3C4DE228B49E12E596A -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
    [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) MD5=9027AE586EF5F0E6A40175E92917B44C -- C:\WINDOWS\system32\drivers\ati2mpaa.sys
    [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) MD5=075E091EEBB450EEDAE9DA74F5B46494 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
    [2004/08/03 21:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) MD5=8759322FFC1A50569C1E5528EE8026B7 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
    [2004/08/03 21:29:27 | 000,057,856 | ---- | M] (ATI Technologies Inc.) MD5=993E7BD6438FE989E328C6B4BCA246A9 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
    [2004/08/03 21:29:28 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=ED4C2BF8403F4437987C0BA09CF48716 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
    [2004/08/03 21:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) MD5=E90AC2B14E98F1A4372E5891B4278784 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
    [2004/08/03 21:29:29 | 000,052,224 | ---- | M] (ATI Technologies Inc.) MD5=DA36687D701C833430605A298731410B -- C:\WINDOWS\system32\drivers\atinraxx.sys
    [2004/08/03 21:29:30 | 000,104,960 | ---- | M] (ATI Technologies Inc.) MD5=A7A01B907DB63898D40B0A14248FF9A2 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
    [2004/08/03 21:29:30 | 000,028,672 | ---- | M] (ATI Technologies Inc.) MD5=CEDDEE2E0591894D19654D458FD3B9BE -- C:\WINDOWS\system32\drivers\atinsnxx.sys
    [2004/08/03 21:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=D80A8F6C0A717446496C3A06D33B0D9C -- C:\WINDOWS\system32\drivers\atinttxx.sys
    [2004/08/03 21:29:31 | 000,073,216 | ---- | M] (ATI Technologies Inc.) MD5=EDD66332608D27F4FD5069BCD0BC5164 -- C:\WINDOWS\system32\drivers\atintuxx.sys
    [2004/08/03 21:29:31 | 000,031,744 | ---- | M] (ATI Technologies Inc.) MD5=3E7D485CBD0B0D9F6EA2AD9442411831 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
    [2004/08/03 21:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
    [2008/04/13 10:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=9916C1225104BA14794209CFA8012159 -- C:\WINDOWS\system32\drivers\atmarpc.sys
    [2001/08/18 04:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys
    [2008/04/13 10:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=AE76348A2605FB197FA8FF1D6F547836 -- C:\WINDOWS\system32\drivers\atmlane.sys
    [2001/08/18 04:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys
    [2007/04/13 09:30:39 | 000,025,136 | ---- | M] (America Online) MD5=0D74D0AA2ECCB5E2019B5E10C38AFD19 -- C:\WINDOWS\system32\drivers\atwpkt2.sys
    [2007/04/13 09:30:43 | 000,033,592 | ---- | M] (America Online) MD5=D63802C63DCAC9D2450333105C81E91E -- C:\WINDOWS\system32\drivers\atwpkt264.sys
    [2001/08/17 05:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=D9F724AA26C010A217C97606B160ED68 -- C:\WINDOWS\system32\drivers\audstub.sys
    [2009/02/13 11:17:49 | 000,045,416 | ---- | M] (Avira GmbH) MD5=5B44C214F9CD9F590BE9125347610380 -- C:\WINDOWS\system32\drivers\avgntdd.sys
    [2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) MD5=47B879406246FFDCED59E18D331A0E7D -- C:\WINDOWS\system32\drivers\avgntflt.sys
    [2010/06/17 14:27:26 | 000,022,360 | ---- | M] (Avira GmbH) MD5=87451AA7CC6B6A590EBCEA05E755075A -- C:\WINDOWS\system32\drivers\avgntmgr.sys
    [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) MD5=F8C56231ED5ECF7D1B46B0330880CCEF -- C:\WINDOWS\system32\drivers\avipbb.sys
    [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) MD5=9372CC48814A17E67C28945EB4ACC189 -- C:\WINDOWS\system32\drivers\basic2.sys
    [2008/04/13 10:46:21 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=56B7F78228CC41FFA1F5BDF3AF799D19 -- C:\WINDOWS\system32\drivers\bdasup.sys
    [2001/08/18 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
    [2008/04/13 10:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=F934D1B230F84E1D19DD00AC5A7A83ED -- C:\WINDOWS\system32\drivers\bridge.sys
    [2008/04/13 10:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=B279426E3C0C344893ED78A613A73BDE -- C:\WINDOWS\system32\drivers\bthenum.sys
    [2008/04/13 10:46:33 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=FCA6F069597B62D42495191ACE3FC6C1 -- C:\WINDOWS\system32\drivers\bthmodem.sys
    [2008/04/13 10:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) MD5=80602B8746D3738F5886CE3D67EF06B6 -- C:\WINDOWS\system32\drivers\bthpan.sys
    [2008/06/13 03:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) MD5=662BFD909447DD9CC15B1A1C366583B4 -- C:\WINDOWS\system32\drivers\bthport.sys
    [2008/04/13 10:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) MD5=BB68CEBFFD181E18A26112D1B9F90F3D -- C:\WINDOWS\system32\drivers\bthprint.sys
    [2008/04/13 10:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=61364CD71EF63B0F038B7E9DF00F1EFA -- C:\WINDOWS\system32\drivers\bthusb.sys
    [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) MD5=248DFA5762DDE38DFDDBBD44149E9D7A -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    [2001/08/18 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
    [2008/04/13 10:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=0BE5AEF125BE881C4F854C554F2B025C -- C:\WINDOWS\system32\drivers\ccdecode.sys
    [2001/08/18 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys
    [2008/04/13 11:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
    [2008/04/13 10:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
    [2001/08/18 04:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=B562592B7F5759C99E179CA467ECFB4C -- C:\WINDOWS\system32\drivers\cinemst2.sys
    [2008/04/13 11:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys
    [2001/08/18 04:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
    [2008/04/13 10:31:32 | 000,036,736 | ---- | M] (Microsoft Corporation) MD5=F50D9BDBB25CCE075E514DC07472A22F -- C:\WINDOWS\system32\drivers\crusoe.sys
    [2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
    [2008/04/13 10:40:44 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=E65E2353A5D74EA89971CB918EEEB2F6 -- C:\WINDOWS\system32\drivers\diskdump.sys
    [2008/04/13 10:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) MD5=D992FE1274BDE0F84AD826ACAE022A41 -- C:\WINDOWS\system32\drivers\dmboot.sys
    [2008/04/13 10:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=7C824CF7BBDE77D95C08005717A95F6F -- C:\WINDOWS\system32\drivers\dmio.sys
    [2001/08/18 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys
    [2008/04/13 10:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) MD5=8A208DFCF89792A484E76C40E5F50B45 -- C:\WINDOWS\system32\drivers\dmusic.sys
    [2008/04/13 10:45:14 | 000,060,160 | ---- | M] (Microsoft Corporation) MD5=6CB08593487F5701D2D2254E693EAFCE -- C:\WINDOWS\system32\drivers\drmk.sys
    [2008/04/13 10:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) MD5=8F5FCFF8E8848AFAC920905FBD9D33C8 -- C:\WINDOWS\system32\drivers\drmkaud.sys
    [2001/08/23 05:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=FE97D0343ACFDEBDD578FC67CC91FA87 -- C:\WINDOWS\system32\drivers\dxapi.sys
    [2008/04/13 10:38:29 | 000,071,168 | ---- | M] (Microsoft Corporation) MD5=AC7280566A7BB85CB3291F04DDC1198E -- C:\WINDOWS\system32\drivers\dxg.sys
    [2001/08/18 04:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys
    [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=80D1B490B60E74E002DC116EC5D41748 -- C:\WINDOWS\system32\drivers\enum1394.sys
    [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) MD5=F9472131367D39435D750F5FA3D23582 -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS
    [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) MD5=9EA76A7F28CD968F8ADC709E479F23B2 -- C:\WINDOWS\system32\drivers\fallback.sys
    [2008/04/13 11:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys
    [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) MD5=413CFA795CAD19A010889DF0EC060408 -- C:\WINDOWS\system32\drivers\faxnt.sys
    [2008/04/13 10:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) MD5=92CDD60B6730B9F50F6A1A0C1F8CDC81 -- C:\WINDOWS\system32\drivers\fdc.sys
    [2008/04/13 10:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=D45926117EB9FA946A6AF572FBE1CAA3 -- C:\WINDOWS\system32\drivers\fips.sys
    [2008/04/13 10:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=9D27E7B80BFCDF1CDD9B555862D5E7F0 -- C:\WINDOWS\system32\drivers\flpydisk.sys
    [2008/04/13 10:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys
    [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) MD5=B7B262D0431374F3AFD1349E35B368D9 -- C:\WINDOWS\system32\drivers\fsksnt.sys
    [2001/08/18 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) MD5=455F778EE14368468560BD7CB8C854D0 -- C:\WINDOWS\system32\drivers\fsvga.sys
    [2001/08/18 04:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) MD5=3E1E2BD4F39B0E2B7DC4F4D2BCC2779A -- C:\WINDOWS\system32\drivers\fs_rec.sys
    [2001/08/18 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) MD5=6AC26732762483366C3969C9E4D2259D -- C:\WINDOWS\system32\drivers\ftdisk.sys
    [2008/04/13 10:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) MD5=3A74C423CF6BCCA6982715878F450A3B -- C:\WINDOWS\system32\drivers\gagp30kx.sys
    [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) MD5=F15FEAFFFBB3644CCC80C5DA584E6311 -- C:\WINDOWS\system32\drivers\WudfPf.sys
    [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=28B524262BCE6DE1F7EF9F510BA3985B -- C:\WINDOWS\system32\drivers\WudfRd.sys

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 16:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 16:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 16:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < >

    < End of report >
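The `/md5` sections above are the part of an OTL report a helper actually works from: each line carries the file's timestamp, size, publisher string and MD5, and the hashes are compared against known-good values for the same file name. As an added example (not code from the thread, from OTL or from its author), the following Python parses lines in that format, groups files that share one hash under several names, and checks each file name against a small allowlist. The sample lines are copied from the report above; the allowlist and the deliberately wrong placeholder hash for user32.dll are constructed only to exercise the match, mismatch and unknown paths.

```python
import re
from collections import defaultdict

# One OTL "/md5" line looks like:
# [YYYY/MM/DD hh:mm:ss | 000,081,700 | ---- | M] (Company) MD5=HEX32 -- C:\path
# The company field is matched non-greedily because publisher strings such as
# "Intel(R) Corporation" contain their own parentheses.
OTL_MD5_LINE = re.compile(
    r"^\s*\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\w)\]"
    r" \((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Sample lines copied from the report above (the section headers are kept to
# show that non-matching lines are ignored).
SAMPLE_REPORT = r"""
    < %systemroot%\system32\drivers\*.sys /md5 >
    [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB0117.SYS
    [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB0119.SYS
    [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) MD5=C05D16C1EF3F5519764FEFDF281CA4D2 -- C:\WINDOWS\system32\drivers\V4CB011B.SYS
    [2008/04/13 10:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=0D3A8FAFCEACD8B7625CD549757A7DF1 -- C:\WINDOWS\system32\drivers\vga.sys
    [2004/08/03 21:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) MD5=0308AEF61941E4AF478FA1A0F83812F5 -- C:\WINDOWS\system32\drivers\wadv07nt.sys

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 16:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < End of report >
"""

# Constructed allowlist: file name (lower case) -> set of accepted MD5s.
# The user32.dll entry is an all-zero placeholder, NOT a real hash, so that
# the report line for it is reported as a mismatch in this demonstration.
KNOWN_GOOD = {
    "vga.sys": {"0D3A8FAFCEACD8B7625CD549757A7DF1"},
    "user32.dll": {"00000000000000000000000000000000"},
}


def parse_otl_md5_lines(text):
    """Return a list of dicts (date, size, attrs, flag, company, md5, path)
    for every line of `text` that is an OTL /md5 entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_MD5_LINE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))  # "000,081,700" -> 81700
        entry["md5"] = entry["md5"].upper()                  # normalise for comparison
        entries.append(entry)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def find_shared_hashes(entries):
    """Hashes that appear under more than one file name: identical bytes shipped
    as several drivers is common for vendor packs, but it is what an analyst
    checks against the vendor's own hash list rather than inspecting file by file."""
    return {h: paths for h, paths in group_by_md5(entries).items() if len(paths) > 1}


def check_against_known(entries, known=KNOWN_GOOD):
    """Return (path, md5, verdict) per entry: 'match', 'MISMATCH' or 'unknown'."""
    results = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        if name not in known:
            verdict = "unknown"
        elif e["md5"] in known[name]:
            verdict = "match"
        else:
            verdict = "MISMATCH"
        results.append((e["path"], e["md5"], verdict))
    return results


if __name__ == "__main__":
    parsed = parse_otl_md5_lines(SAMPLE_REPORT)
    for h, paths in find_shared_hashes(parsed).items():
        print(f"{h} shared by {len(paths)} files: {', '.join(paths)}")
    for path, md5, verdict in check_against_known(parsed):
        print(f"{verdict:9} {md5} {path}")
```

A real allowlist would be keyed on the Windows build or service pack level as well as the file name, since a given system file legitimately has a different hash per build; the verdicts here only illustrate the three outcomes the comparison can produce.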

  6. #56
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    I increased the paging file as instructed and RootRepeal still hung while initializing. I let it sit more than an hour and finally got another message saying low on virtual memory. I increased each value by 1000 and tried again and it still hung. Can I make it bigger still?

    Thanks!

    jack

  7. #57
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    Please hang in there. I would like to seek some second opinions and get back to you soon. Thanks.

    For the paging file, please keep to the figures I provided.

  8. #58
    Member
    Join Date
    May 2010
    Posts
    54

    Default Redirect Problems in San Jose, CA

    I'm hanging!

    Amazing what mischief malware can cause.

    Thanks again for all the help.

    Best,

    jack

  9. #59
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Jack ,

    How are you connecting to the Internet? By router? May I know the brand and model?

  10. #60
    Member
    Join Date
    May 2010
    Posts
    54

    Default

    Hi Jack and/or Jill.

    An easy one. I have a DSL connection and use an Actiontec DSL Gateway modem and a Netgear Range Max wireless modem for the rest of the house. The machine we're working on is connected by wire directly to the modem.

    Best,

    jack
