Redirect Problems San Jose CA

Hello Jack :),

The settings for OTL are not correct.

Please read my instructions slowly and carefully.

I have looked through the earlier logs, but I need the proper OTL log and GMER log. No need for Extras.txt.
 
Redirect Problems in San Jose, CA

Here is one of the URLs that I am sent to when it redirects:

premium_.s3.amazonaws[dot]com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1291779241&Signature=vLPGkMfKzTkNLyHz4Is%2BMjiWAHQ%3D



And here's the right OTL text:

OTL logfile created on: 12/7/2010 8:30:51 PM - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 453.00 Mb Available Physical Memory | 44.00% Memory free
926.00 Mb Paging File | 483.00 Mb Available in Paging File | 52.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.74 Gb Free Space | 31.55% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
PRC - [2010/10/28 08:40:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 08:39:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 15:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/07/12 04:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/10 09:39:16 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/13 01:39:09 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
PRC - [2001/09/23 07:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 14:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe
PRC - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP2.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/22 21:28:18 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/02 15:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 15:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006/11/13 13:02:08 | 000,076,544 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
SRV - [2001/08/09 01:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)
SRV - [2000/05/15 18:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/17 14:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/04 16:13:36 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/03/04 16:13:08 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009/09/11 19:19:14 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/01/23 14:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/01/23 14:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
DRV - [2006/03/28 16:55:20 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 05:44:04 | 000,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/11/06 00:00:00 | 000,087,018 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel(r)
DRV - [2001/11/06 00:00:00 | 000,013,654 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2001/08/23 00:33:12 | 000,010,192 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 05:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/09 18:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/07/25 17:58:28 | 000,584,336 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
DRV - [2001/07/18 19:06:40 | 000,426,783 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2001/07/18 19:06:12 | 000,127,405 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2001/07/18 19:05:26 | 000,217,019 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2001/07/18 19:04:26 | 000,056,607 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2001/07/18 19:04:04 | 000,310,899 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2001/07/18 19:01:38 | 000,067,654 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2001/07/18 19:01:20 | 000,534,125 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2000/10/03 15:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 10:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 21:19:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/08 20:09:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/22 21:19:36 | 000,000,000 | ---D | M]

[2010/10/10 11:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions
[2010/10/10 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions
[2009/08/09 07:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/13 21:34:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
[2010/02/23 18:38:45 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\bing.xml
[2010/11/07 10:42:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 14:50:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2004/12/22 08:08:32 | 000,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/04/27 16:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2010/12/06 17:58:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab (FilePlanet Download Control Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com/computercheckup/qdiagcc.cab (QDiagAOLCCUpdateObj Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab (Windows Live Safety Center Base Module)
O16 - DPF: {60F5C72D-84E8-445A-94E7-F84C3A33E924} http://haserv1.liveglobalbid.com/lgbmpr.cab (LgbMediaPlayer Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124349026031 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 22:19:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 23:23:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/05 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/12/01 21:33:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/01 21:30:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/01 21:30:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/01 21:30:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/01 21:30:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/01 21:28:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/27 12:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Avira
[2010/11/23 21:18:05 | 001,852,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
[2010/11/23 21:16:37 | 001,852,800 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
[2010/11/20 11:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/19 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/11/19 23:37:44 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\MGADiag.exe
[2010/11/18 20:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 19:52:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/07 19:03:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 19:03:37 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2010/12/07 19:03:36 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/12/07 19:02:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/12/07 19:01:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/07 19:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 19:01:19 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 21:42:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/06 17:58:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/06 17:45:54 | 003,985,074 | R--- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ComboFix.exe
[2010/12/05 20:17:10 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu(2).exe
[2010/12/05 17:05:40 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu.exe
[2010/12/03 17:54:03 | 000,001,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/01 21:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/29 18:22:16 | 000,017,352 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\OT Final Exam Study Guide.docx
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/27 13:02:47 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ResetTeaTimer.exe
[2010/11/26 18:07:27 | 000,221,888 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report most recent
[2010/11/26 14:51:04 | 000,033,344 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report root
[2010/11/23 21:18:06 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
[2010/11/23 21:16:38 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
[2010/11/23 18:09:52 | 000,306,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/20 11:18:44 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RkU.lnk
[2010/11/20 11:15:21 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7-Zip File Manager.lnk
[2010/11/20 11:12:54 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
[2010/11/19 23:41:39 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\CKScanner.exe
[2010/11/19 23:37:49 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Joycellen Floyd\Desktop\MGADiag.exe
[2010/11/18 21:09:34 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe
[2010/11/18 20:34:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joycellen Floyd\Desktop\OTL.exe
[2010/11/18 20:21:10 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/17 20:14:07 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 20:17:10 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu(2).exe
[2010/12/05 17:04:47 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\esetsmartinstaller_enu.exe
[2010/12/01 21:34:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/01 21:33:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/01 21:30:13 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/01 21:30:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/01 21:30:13 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/01 21:30:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/01 21:30:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/30 22:15:39 | 003,985,074 | R--- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ComboFix.exe
[2010/11/29 18:22:16 | 000,017,352 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\OT Final Exam Study Guide.docx
[2010/11/27 13:11:31 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/27 13:02:46 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\ResetTeaTimer.exe
[2010/11/26 18:07:27 | 000,221,888 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report most recent
[2010/11/26 14:51:04 | 000,033,344 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\Report root
[2010/11/26 13:37:55 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\RkU.lnk
[2010/11/20 11:16:58 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7-Zip File Manager.lnk
[2010/11/20 11:12:52 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
[2010/11/19 23:41:35 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\CKScanner.exe
[2010/11/18 21:09:34 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe
[2010/11/17 20:14:05 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Desktop\dds.scr
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/22 07:32:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/07/12 19:47:18 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\EAL.INI
[2007/07/12 19:47:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PICTURM8.ini
[2007/02/26 22:56:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2006/09/13 19:52:59 | 000,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2006/09/13 19:44:36 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\svfiles.log
[2006/01/18 18:58:06 | 000,000,681 | ---- | C] () -- C:\WINDOWS\arp.INI
[2006/01/18 17:21:52 | 000,000,079 | ---- | C] () -- C:\WINDOWS\dpss.ini
[2006/01/16 22:13:27 | 000,000,395 | ---- | C] () -- C:\WINDOWS\DSSCC.INI
[2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
[2005/05/29 13:40:58 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/05/29 13:40:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/29 13:40:07 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
[2005/05/25 19:26:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
[2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[2004/11/29 22:28:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/06 21:23:00 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\MFSBaseLib2889.dll
[2004/10/06 21:23:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MFSIFLib2889.dll
[2004/09/25 22:08:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS1280.ini
[2004/09/12 10:25:40 | 000,000,621 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/16 17:30:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 17:30:47 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/30 15:18:38 | 000,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2004/04/14 15:13:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2004/04/09 06:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL
[2004/03/22 20:44:47 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/03/22 20:44:47 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ICE.INI
[2004/03/08 19:59:17 | 000,000,590 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/02/09 19:36:21 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
[2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
[2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
[2004/01/10 19:42:03 | 000,050,012 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
[2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
[2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
[2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
[2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
[2004/01/05 21:18:58 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2004/01/05 19:34:24 | 000,000,080 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/01/05 19:07:42 | 000,000,580 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/05 17:31:34 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joycellen Floyd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/01/05 00:39:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPC60.ini
[2004/01/04 22:43:20 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2004/01/04 22:43:20 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2004/01/04 22:43:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2004/01/04 22:43:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
[2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
[2004/01/04 14:00:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
[2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
[2003/11/03 15:38:02 | 000,007,731 | ---- | C] () -- C:\WINDOWS\System32\DAntivirus.ini
[2003/03/27 15:28:44 | 000,004,955 | ---- | C] () -- C:\WINDOWS\System32\DProg.ini
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
[2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
[2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
[2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
[2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
[2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
[2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1995/09/15 16:31:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

========== LOP Check ==========

[2008/12/14 14:33:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/15 14:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/03/07 17:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/10/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/03/07 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/01/18 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/06/05 14:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 17:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 21:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 20:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/01/11 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Acoustica
[2009/09/11 20:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Amazon
[2010/08/02 07:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Cisco
[2006/01/18 19:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Digital Photo Slide Show
[2005/04/14 18:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ICAClient
[2004/01/05 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Leadertech
[2004/05/19 12:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Learn2.com
[2006/01/20 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Netscape
[2008/05/01 20:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Opera
[2009/11/14 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\QuadToneRIP
[2010/10/10 11:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Thunderbird
[2004/05/30 15:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\ubi.com
[2006/01/18 21:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Ulead Systems
[2010/06/05 14:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joycellen Floyd\Application Data\Uniblue

========== Purity Check ==========



< End of report >

I'll try the GMER now.
 

I set the GMER as you advised and disabled my antivirus software but, as has happened every time I've tried to run it, it crashed part way through and did not generate a file that could be saved. Advice?

Thanks!

jack
 
Hello Jack :),

Please retry GMER with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.
 

Tried to run Gmer with devices also unchecked. It stopped running and the main window, under "Type" said ".text" and under "Name" said ntoskrnl.exe!_abnormal_termination+120.

When I twice tried to run it in safe mode it just stopped without scanning or generating any text. I did NOT try to do anything else on the machine while it was running Gmer. Is there something else to try?

Thanks much,

jack :thanks:
 
Hello Jack :),

How long did you wait before you came to the conclusion that it stopped? Sometimes it can take hours to produce a log. We will try something else if this does not work.

Rerun GMER with initial scan only
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
  • If you need help to disable your protection programs see here and here.
  • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • After the initial scan, click the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
  • Re-enable your security software as soon as you have completed the GMER steps.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

--------------------

Please post back:
1. the GMER log
 

Well, I tried to run Gmer repeatedly without success. I turned off Avira and ran it in safe mode. It will start to run the initial scan and then freeze on one of the files being scanned. I've let it sit for hours. There doesn't seem to be much to it, but here is a log from one of the initial scans when it didn't crash immediately:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-09 19:24:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75CAA0 rev.16.06V16
Running: 99hjeu7t.exe; Driver: C:\DOCUME~1\JOYCEL~1\LOCALS~1\Temp\pxtdapod.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


What next?
 
Hello Jack :),

It seems so difficult to get a rootkit scan running on your computer. We will try a different approach.

Please run ERUNT to back up the registry. This is important before you proceed to the next step.

--------------------

Fix with OTL
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click on OTL.exe to run it.
  • Copy and paste ALL the following text into the white box below Custom Scans/Fixes:
    Code:
    :otl
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    [2010/02/23 18:36:34 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml
    [2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/09 21:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1078081533-688789844-1801674531-1004\..Trusted Ranges: GD ([http] in Local intranet)
    [2005/05/29 23:56:24 | 000,015,409 | ---- | C] () -- C:\WINDOWS\System32\lqmsaaaa.dll
    [2005/05/25 20:24:58 | 000,002,640 | ---- | C] () -- C:\WINDOWS\System32\lqkaaaaa.dll
    [2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\haghkdf.dll
    [2005/05/25 19:26:06 | 000,108,301 | ---- | C] () -- C:\WINDOWS\System32\comprsvp.dll
    [2004/12/16 19:33:46 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
    [2004/01/27 07:45:49 | 000,108,273 | ---- | C] () -- C:\WINDOWS\System32\autokdll.dll
    [2004/01/27 07:45:49 | 000,103,575 | ---- | C] () -- C:\WINDOWS\System32\read87em.dll
    [2004/01/27 07:45:47 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\plusideo.dll
    [2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\mtxo0081.dll
    [2004/01/08 09:04:32 | 000,111,252 | ---- | C] () -- C:\WINDOWS\System32\hostgwiz.dll
    [2004/01/08 09:01:42 | 000,102,687 | ---- | C] () -- C:\WINDOWS\System32\1252sutb.dll
    [2004/01/08 08:57:36 | 000,110,292 | ---- | C] () -- C:\WINDOWS\System32\ltwvodex.dll
    [2004/01/08 08:57:23 | 000,103,708 | ---- | C] () -- C:\WINDOWS\System32\vbamgnt5.dll
    [2004/01/04 22:32:37 | 000,106,497 | ---- | C] () -- C:\WINDOWS\System32\lsasqdv.dll
    [2004/01/04 22:18:14 | 000,103,103 | ---- | C] () -- C:\WINDOWS\System32\esenonui.dll
    [2004/01/04 13:59:55 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\noisshrm.dll
    [2004/01/04 13:59:51 | 000,103,475 | ---- | C] () -- C:\WINDOWS\System32\freebteg.dll
    [2001/08/18 04:00:00 | 000,110,736 | ---- | C] () -- C:\WINDOWS\System32\msv1arp.dll
    [2001/08/18 04:00:00 | 000,109,089 | ---- | C] () -- C:\WINDOWS\System32\kbdcela3.dll
    [2001/08/18 04:00:00 | 000,107,829 | ---- | C] () -- C:\WINDOWS\System32\ntshpi32.dll
    [2001/08/18 04:00:00 | 000,105,666 | ---- | C] () -- C:\WINDOWS\System32\msexjsel.dll
    [2001/08/18 04:00:00 | 000,105,321 | ---- | C] () -- C:\WINDOWS\System32\msh2pgrd.dll
    [2001/08/18 04:00:00 | 000,104,363 | ---- | C] () -- C:\WINDOWS\System32\wshoepad.dll
    [2001/08/17 14:36:34 | 000,111,008 | ---- | C] () -- C:\WINDOWS\System32\javax11n.dll
    
    :files
    ipconfig /all /c
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0a\waol.exe"=-
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=-
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=-
    "C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe"=-
    
    :commands
    [CREATERESTOREPOINT]
    [emptytemp]
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
  • If requested to reboot, please do so. The log file will open after restart.
  • Re-enable your security software as soon as you have completed the OTL fix steps.

--------------------

C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
C:\Documents and Settings\Joycellen Floyd\Desktop\58bs8qew.exe
These files, do you have any idea about them, especially the first two?

--------------------

Please download RootRepeal from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Scan with RootRepeal
  • Extract RootRepeal.exe from the zip file to your desktop.
  • Double click on RootRepeal.exe to run it.
  • Click on the Report tab at the bottom right of the program window and then press the Scan button.
  • In the Select Scan dialog, check (tick) all the options available and click OK.
  • Select the main system drive, usually C:\, and click OK to start the scan. Please wait for it to finish.
  • Once done, a log in Notepad will open. Please post the contents of the log, also saved as C:\RootRepeal report mm-dd-yy (hh-mm-ss).txt.

--------------------

Please post back:
1. the OTL fix log
2. the answer to my question about the files
3. the RootRepeal log
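
An added example, not part of the original post and not OTL's own code: a Python check that every file or folder line pasted under :otl in a fix script comes back in the fix log as "moved successfully", comparing paths case-insensitively because the log may spell System32 as system32. The sample script and log are constructed in the formats shown on this page, and all function names are hypothetical.

```python
import re

# A file or folder line as OTL prints it in a scan and as it is pasted under :otl:
# [date time | size | attributes | M or C] (optional company) -- path
FILE_LINE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [A-Z-]{4} \| [MC]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# An outcome line of the fix log: "<target> [folder] <result>."
OUTCOME_LINE = re.compile(
    r"^(?:Registry (?:key|value) )?(?P<target>.+?)(?: folder)? "
    r"(?P<result>moved successfully|deleted successfully|not found)\.$"
)


def norm(path):
    """Normalise a Windows path or registry key for comparison (case-insensitive)."""
    return path.strip().rstrip("\\").casefold()


def fix_targets(script):
    """Return the file and folder paths listed in the :otl section of a fix script."""
    targets, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :otl, :files, :reg
            in_otl = line.lower() == ":otl"
            continue
        match = FILE_LINE.match(line) if in_otl else None
        if match:
            targets.append(match.group("path"))
    return targets


def fix_outcomes(log):
    """Map each normalised target named in the fix log to its reported result."""
    outcomes = {}
    for raw in log.splitlines():
        match = OUTCOME_LINE.match(raw.strip())
        if match:
            outcomes[norm(match.group("target"))] = match.group("result")
    return outcomes


def unconfirmed(script, log):
    """Script targets the log does not report as moved; these need a second look."""
    outcomes = fix_outcomes(log)
    return [path for path in fix_targets(script)
            if outcomes.get(norm(path)) != "moved successfully"]


# Constructed sample input (not taken from a real machine).
SAMPLE_SCRIPT = r"""
:otl
[2005/05/25 20:23:56 | 000,011,304 | ---- | C] () -- C:\WINDOWS\System32\sample_a.dll
[2004/01/08 09:05:51 | 000,110,708 | ---- | C] () -- C:\WINDOWS\System32\sample_b.dll
[2010/07/13 21:33:58 | 000,000,000 | ---D | M] (Example Vendor) -- C:\Program Files\Example App\ext

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
C:\Program Files\Example App\ext\chrome folder moved successfully.
C:\Program Files\Example App\ext folder moved successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Example\ not found.
C:\WINDOWS\system32\sample_a.dll moved successfully.
========== REGISTRY ==========
"""

if __name__ == "__main__":
    for path in unconfirmed(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not confirmed as moved:", path)
```

A target that is missing from the log, as sample_b.dll is here, means the file is still in place or the log is incomplete, so it is worth rechecking before moving on to the next scan.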
 

Here is the first step, the OTL log:

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
C:\Documents and Settings\Joycellen Floyd\Application Data\Mozilla\Firefox\Profiles\q8ifr7p2.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1078081533-688789844-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\WINDOWS\system32\lqmsaaaa.dll moved successfully.
C:\WINDOWS\system32\lqkaaaaa.dll moved successfully.
C:\WINDOWS\system32\haghkdf.dll moved successfully.
C:\WINDOWS\system32\comprsvp.dll moved successfully.
C:\WINDOWS\system32\Zlib.dll moved successfully.
C:\WINDOWS\system32\autokdll.dll moved successfully.
C:\WINDOWS\system32\read87em.dll moved successfully.
C:\WINDOWS\system32\plusideo.dll moved successfully.
C:\WINDOWS\system32\mtxo0081.dll moved successfully.
C:\WINDOWS\system32\hostgwiz.dll moved successfully.
C:\WINDOWS\system32\1252sutb.dll moved successfully.
C:\WINDOWS\system32\ltwvodex.dll moved successfully.
C:\WINDOWS\system32\vbamgnt5.dll moved successfully.
C:\WINDOWS\system32\lsasqdv.dll moved successfully.
C:\WINDOWS\system32\esenonui.dll moved successfully.
C:\WINDOWS\system32\noisshrm.dll moved successfully.
C:\WINDOWS\system32\freebteg.dll moved successfully.
C:\WINDOWS\system32\msv1arp.dll moved successfully.
C:\WINDOWS\system32\kbdcela3.dll moved successfully.
C:\WINDOWS\system32\ntshpi32.dll moved successfully.
C:\WINDOWS\system32\msexjsel.dll moved successfully.
C:\WINDOWS\system32\msh2pgrd.dll moved successfully.
C:\WINDOWS\system32\wshoepad.dll moved successfully.
C:\WINDOWS\system32\javax11n.dll moved successfully.
========== FILES ==========
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : dell
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . :
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Friday, December 10, 2010 7:18:18 PM
Lease Expires . . . . . . . . . . : Saturday, December 11, 2010 7:18:18 PM
C:\Documents and Settings\Joycellen Floyd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Joycellen Floyd\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1136874479\ee\aolsoftware.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joycellen Floyd
->Temp folder emptied: 15807182 bytes
->Temporary Internet Files folder emptied: 428326 bytes
->Java cache emptied: 431525 bytes
->FireFox cache emptied: 77544583 bytes
->Google Chrome cache emptied: 8632561 bytes
->Apple Safari cache emptied: 10851328 bytes
->Flash cache emptied: 75811 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 571956 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5297776 bytes

Total Files Cleaned = 114.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12102010_203333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Redirect Problems in San Jose, CA

In answer to your question, I have no idea about those files or what they are for. Are they suspicious looking?

Regarding RootRepeal, I extracted it, but when I tried to run it I received a message saying the machine was low in virtual memory, and then it hung while the software attempted to initialize. I tried running it with nothing else open and the virus software disabled.

Thanks for your patience,

jack
 
Hello Jack :),

I need you to upload a few suspicious files to VirusTotal (VT) for an online scan. Click here.
  • Click on the Browse button or the white box beside it. A File Upload prompt will open.
  • Copy and paste the following file and its path to upload:
    Code:
    C:\Documents and Settings\Joycellen Floyd\Desktop\win32k two
  • Press Open, then Send file. The file will be uploaded for testing.
  • If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
  • Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
  • Repeat for
    Code:
    C:\Documents and Settings\Joycellen Floyd\Desktop\win32k.sys
    C:\Documents and Settings\Joycellen Floyd\Desktop\7z920.exe
  • Post the results in your next response.

Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti or VirScan (VS) with similar steps.

A result from either one of the above scanners would be sufficient.

--------------------

Check some files with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the None options are checked (ticked). There are eight of them.
  • Copy and paste the following into the white box under Custom Scans/Fixes:
    Code:
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav 
    %systemroot%\system32\drivers\*.sys /md5
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    
    DRIVERS32
    NETSVCS
  • Click on Run Scan at the top left-hand corner. This might take a while.
  • When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

Increase paging file
  • Go to Start, then right click on My Computer. Select Properties. You can also do the same via the My Computer icon on the desktop.
  • Click on the Advanced tab, then Settings under the Performance section.
  • Go to the Advanced tab in this new window. Click Change under the Virtual Memory section.
  • Select Custom size, then in the two white boxes, key in 2046 into both and press Set. You will be prompted, click Yes. OK your way out and restart your computer if requested.

--------------------

Now, try RootRepeal again.

--------------------

Please post back:
1. VT / Jotti / VirScan results
2. OTL log
3. RootRepeal log
 
Redirect Problems in San Jose, CA

Here are the VirusTotal results for the first file:

Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 -
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
File size : 1852800 bytes
First seen: 2010-10-12 22:43:51
Last seen : 2010-12-11 17:52:21
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1B17FF
timedatestamp....: 0x4C7D06CE (Tue Aug 31 13:42:38 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x380, 0x18DF47, 0x18DF80, 6.69, 44243a92680b42ff45ef5afb01ba27ff
.rdata, 0x18E300, 0xD084, 0xD100, 5.73, 5a5726cd99359db369567680e5ebdc8f
.data, 0x19B400, 0x1288C, 0x12900, 3.94, ffebf30ef46600abf749eafc9a376263
.kbdfall, 0x1ADD00, 0x63C, 0x680, 4.64, 3ba03356e2c3385ed25cd6aba303d5bd
.edata, 0x1AE380, 0x1AE3, 0x1B00, 5.97, 7e381ca9f55e372016eaa11cb35d5256
INIT, 0x1AFE80, 0x5796, 0x5800, 6.68, b8c890761499e7a7e3273093ba472da5
.rsrc, 0x1B5680, 0x2218, 0x2280, 3.51, 4436beb01e46fe54a982e7a7702f6c2b
.reloc, 0x1B7900, 0xCC74, 0xCC80, 6.76, 6aa4fe9da87ae7f682011a02b19ed39f

[[ 4 import(s) ]]

[[ 225 export(s) ]]

 
Redirect Problems in San Jose, CA

Second VirusTotal result:

File name:
win32k.sys
Submission date:
2010-12-11 17:58:44 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 -
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
MD5 : a77b5764cd2106d36148cb5e5ddf6bc6
SHA1 : 81970c75177d770d45f71b4ec9b34b5a0241a81c
SHA256: c245aebcc20fb429c8f1a305521eaeadd5c3b31c439984a67053043c43a8124a
ssdeep: 49152:LImTORvyy3/d+Dc/lDTs/PC+IZPwccfh:LImTOYmd+DMDTsC0hJ
File size : 1852800 bytes
First seen: 2010-10-12 22:43:51
Last seen : 2010-12-11 17:58:44
TrID:
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Multi-User Win32 Driver
original name: win32k.sys
internal name: win32k.sys
file version.: 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1B17FF
timedatestamp....: 0x4C7D06CE (Tue Aug 31 13:42:38 2010)
machinetype......: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x380, 0x18DF47, 0x18DF80, 6.69, 44243a92680b42ff45ef5afb01ba27ff
.rdata, 0x18E300, 0xD084, 0xD100, 5.73, 5a5726cd99359db369567680e5ebdc8f
.data, 0x19B400, 0x1288C, 0x12900, 3.94, ffebf30ef46600abf749eafc9a376263
.kbdfall, 0x1ADD00, 0x63C, 0x680, 4.64, 3ba03356e2c3385ed25cd6aba303d5bd
.edata, 0x1AE380, 0x1AE3, 0x1B00, 5.97, 7e381ca9f55e372016eaa11cb35d5256
INIT, 0x1AFE80, 0x5796, 0x5800, 6.68, b8c890761499e7a7e3273093ba472da5
.rsrc, 0x1B5680, 0x2218, 0x2280, 3.51, 4436beb01e46fe54a982e7a7702f6c2b
.reloc, 0x1B7900, 0xCC74, 0xCC80, 6.76, 6aa4fe9da87ae7f682011a02b19ed39f

[[ 4 import(s) ]]
watchdog.sys: WdDdiWatchdogDpcCallback, WdResumeDeferredWatch, WdSuspendDeferredWatch, WdAllocateDeferredWatchdog, WdStartDeferredWatch, WdStopDeferredWatch, WdFreeDeferredWatchdog, WdExitMonitoredSection, WdEnterMonitoredSection

[[ 225 export(s) ]]
BRUSHOBJ_hGetColorTransform, BRUSHOBJ_pvAllocRbrush, BRUSHOBJ_pvGetRbrush, BRUSHOBJ_ulGetBrushColor, CLIPOBJ_bEnum, CLIPOBJ_cEnumStart, CLIPOBJ_ppoGetPath, EngAcquireSemaphore, EngAllocMem, EngAllocPrivateUserMem, EngAllocSectionMem, EngAllocUserMem, EngAlphaBlend, EngAssociateSurface, EngBitBlt, EngBugCheckEx, EngCheckAbort, EngClearEvent, EngComputeGlyphSet, EngControlSprites, EngCopyBits, EngCreateBitmap, EngCreateClip, EngCreateDeviceBitmap, EngCreateDeviceSurface, EngCreateDriverObj, EngCreateEvent, EngCreatePalette, EngCreatePath, EngCreateSemaphore, EngCreateWnd, EngDebugBreak, EngDebugPrint, EngDeleteClip, EngDeleteDriverObj, EngDeleteEvent, EngDeleteFile, EngDeletePalette, EngDeletePath, EngDeleteSafeSemaphore, EngDeleteSemaphore, EngDeleteSurface, EngDeleteWnd, EngDeviceIoControl, EngDitherColor, EngDxIoctl, EngEnumForms, EngEraseSurface, EngFileIoControl, EngFileWrite, EngFillPath, EngFindImageProcAddress, EngFindResource, EngFntCacheAlloc, EngFntCacheFault, EngFntCacheLookUp, EngFreeMem, EngFreeModule, EngFreePrivateUserMem, EngFreeSectionMem, EngFreeUserMem, EngGetCurrentCodePage, EngGetCurrentProcessId, EngGetCurrentThreadId, EngGetDriverName, EngGetFileChangeTime, EngGetFilePath, EngGetForm, EngGetLastError, EngGetPrinter, EngGetPrinterData, EngGetPrinterDataFileName, EngGetPrinterDriver, EngGetProcessHandle, EngGetTickCount, EngGetType1FontList, EngGradientFill, EngHangNotification, EngInitializeSafeSemaphore, EngIsSemaphoreOwned, EngIsSemaphoreOwnedByCurrentThread, EngLineTo, EngLoadImage, EngLoadModule, EngLoadModuleForWrite, EngLockDirectDrawSurface, EngLockDriverObj, EngLockSurface, EngLpkInstalled, EngMapEvent, EngMapFile, EngMapFontFile, EngMapFontFileFD, EngMapModule, EngMapSection, EngMarkBandingSurface, EngModifySurface, EngMovePointer, EngMulDiv, EngMultiByteToUnicodeN, EngMultiByteToWideChar, EngNineGrid, EngPaint, EngPlgBlt, EngProbeForRead, EngProbeForReadAndWrite, EngQueryDeviceAttribute, EngQueryLocalTime, EngQueryPalette, 
EngQueryPerformanceCounter, EngQueryPerformanceFrequency, EngQuerySystemAttribute, EngReadStateEvent, EngReleaseSemaphore, EngRestoreFloatingPointState, EngSaveFloatingPointState, EngSecureMem, EngSetEvent, EngSetLastError, EngSetPointerShape, EngSetPointerTag, EngSetPrinterData, EngSort, EngStretchBlt, EngStretchBltROP, EngStrokeAndFillPath, EngStrokePath, EngTextOut, EngTransparentBlt, EngUnicodeToMultiByteN, EngUnloadImage, EngUnlockDirectDrawSurface, EngUnlockDriverObj, EngUnlockSurface, EngUnmapEvent, EngUnmapFile, EngUnmapFontFile, EngUnmapFontFileFD, EngUnsecureMem, EngWaitForSingleObject, EngWideCharToMultiByte, EngWritePrinter, FLOATOBJ_Add, FLOATOBJ_AddFloat, FLOATOBJ_AddFloatObj, FLOATOBJ_AddLong, FLOATOBJ_Div, FLOATOBJ_DivFloat, FLOATOBJ_DivFloatObj, FLOATOBJ_DivLong, FLOATOBJ_Equal, FLOATOBJ_EqualLong, FLOATOBJ_GetFloat, FLOATOBJ_GetLong, FLOATOBJ_GreaterThan, FLOATOBJ_GreaterThanLong, FLOATOBJ_LessThan, FLOATOBJ_LessThanLong, FLOATOBJ_Mul, FLOATOBJ_MulFloat, FLOATOBJ_MulFloatObj, FLOATOBJ_MulLong, FLOATOBJ_Neg, FLOATOBJ_SetFloat, FLOATOBJ_SetLong, FLOATOBJ_Sub, FLOATOBJ_SubFloat, FLOATOBJ_SubFloatObj, FLOATOBJ_SubLong, FONTOBJ_cGetAllGlyphHandles, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, FONTOBJ_pfdg, FONTOBJ_pifi, FONTOBJ_pjOpenTypeTablePointer, FONTOBJ_pvTrueTypeFontFile, FONTOBJ_pwszFontFilePaths, FONTOBJ_pxoGetXform, FONTOBJ_vGetInfo, HT_ComputeRGBGammaTable, HT_Get8BPPFormatPalette, HT_Get8BPPMaskPalette, HeapVidMemAllocAligned, PALOBJ_cGetColors, PATHOBJ_bCloseFigure, PATHOBJ_bEnum, PATHOBJ_bEnumClipLines, PATHOBJ_bMoveTo, PATHOBJ_bPolyBezierTo, PATHOBJ_bPolyLineTo, PATHOBJ_vEnumStart, PATHOBJ_vEnumStartClipLines, PATHOBJ_vGetBounds, RtlAnsiCharToUnicodeChar, RtlMultiByteToUnicodeN, RtlRaiseException, RtlUnicodeToMultiByteN, RtlUnicodeToMultiByteSize, RtlUnwind, RtlUpcaseUnicodeChar, RtlUpcaseUnicodeToMultiByteN, STROBJ_bEnum, STROBJ_bEnumPositionsOnly, STROBJ_bGetAdvanceWidths, STROBJ_dwGetCodePage, STROBJ_fxBreakExtra, 
STROBJ_fxCharacterExtra, STROBJ_vEnumStart, VidMemFree, WNDOBJ_bEnum, WNDOBJ_cEnumStart, WNDOBJ_vSetConsumer, XFORMOBJ_bApplyXform, XFORMOBJ_iGetFloatObjXform, XFORMOBJ_iGetXform, XLATEOBJ_cGetPalette, XLATEOBJ_hGetColorTransform, XLATEOBJ_iXlate, XLATEOBJ_piVector, _abnormal_termination, _except_handler2, _global_unwind2, _itoa, _itow, _local_unwind2

 
Redirect Problems in San Jose, CA

Third file from VirusTotal. This one appears to have one hit.

Antivirus Version Last Update Result
AhnLab-V3 2010.12.11.00 2010.12.10 -
AntiVir 7.10.14.255 2010.12.10 -
Antiy-AVL 2.0.3.7 2010.12.11 -
Avast 4.8.1351.0 2010.12.11 -
Avast5 5.0.677.0 2010.12.11 -
AVG 9.0.0.851 2010.12.11 -
BitDefender 7.2 2010.12.11 -
CAT-QuickHeal 11.00 2010.12.11 -
ClamAV 0.96.4.0 2010.12.11 -
Command 5.2.11.5 2010.12.11 -
Comodo 7024 2010.12.11 -
DrWeb 5.0.2.03300 2010.12.11 -
Emsisoft 5.1.0.1 2010.12.11 -
eSafe 7.0.17.0 2010.12.09 -
eTrust-Vet 36.1.8034 2010.12.10 -
F-Prot 4.6.2.117 2010.12.11 -
F-Secure 9.0.16160.0 2010.12.11 -
Fortinet 4.2.254.0 2010.12.11 -
GData 21 2010.12.11 -
Ikarus T3.1.1.90.0 2010.12.11 -
Jiangmin 13.0.900 2010.12.11 -
K7AntiVirus 9.72.3219 2010.12.11 -
Kaspersky 7.0.0.125 2010.12.11 -
McAfee 5.400.0.1158 2010.12.11 -
McAfee-GW-Edition 2010.1C 2010.12.11 -
Microsoft 1.6402 2010.12.11 -
NOD32 5694 2010.12.11 -
Norman 6.06.12 2010.12.11 -
nProtect 2010-12-11.01 2010.12.11 -
Panda 10.0.2.7 2010.12.11 -
PCTools 7.0.3.5 2010.12.11 -
Prevx 3.0 2010.12.11 -
Rising 22.77.04.00 2010.12.11 -
Sophos 4.60.0 2010.12.11 -
SUPERAntiSpyware 4.40.0.1006 2010.12.11 -
Symantec 20101.3.0.103 2010.12.11 -
TheHacker 6.7.0.1.098 2010.12.11 Trojan/Downloader.Zlob.bpbl
TrendMicro 9.120.0.1004 2010.12.11 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.11 -
VBA32 3.12.14.2 2010.12.10 -
VIPRE 7604 2010.12.11 -
ViRobot 2010.12.11.4196 2010.12.11 -
VirusBuster 13.6.87.0 2010.12.11 -
Additional information
MD5 : b3fdf6e7b0aecd48ca7e4921773fb606
SHA1 : 55283ad59439134673fc32fc097bdd9ae920fbc6
SHA256: 1e2f2a8fb52d3972b9b65b8ad1bebb66965c47a2994f89b3d652c31e6f6e4c3c
ssdeep: 24576:c7Rz+6GVlkicMgH6I7kuF7Xc+qaM9oXDEmHbGrXjk5rOTm:E+6cY75ZLqaMsDp6ro6m
File size : 1110476 bytes
First seen: 2010-11-18 20:01:31
Last seen : 2010-12-11 18:17:07
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS, Unicode, UTF-8
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x323C
timedatestamp....: 0x4B1AE3C6 (Sat Dec 05 22:50:46 2009)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5A5A, 0x5C00, 6.42, 0bc2ffd32265a08d72b795b18265828d
.rdata, 0x7000, 0x1190, 0x1200, 5.18, f179218a059068529bdb4637ef5fa28e
.data, 0x9000, 0x1AF98, 0x400, 4.71, 975304d6dd6c4a4f076b15511e2bbbc0
.ndata, 0x24000, 0x9000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0x2D000, 0x4118, 0x4200, 5.85, 77483af972a8e757d8ba96b88dc0c038

[[ 8 import(s) ]]
KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
ExifTool:
file metadata
CodeSize: 23552
EntryPoint: 0x323c
FileSize: 1084 kB
FileType: Win32 EXE
ImageVersion: 6.0
InitializedDataSize: 119808
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:12:05 23:50:46+01:00
UninitializedDataSize: 1024

 
Redirect Problems in San Jose, CA

And, finally, here is the OTL log:

OTL logfile created on: 12/11/2010 10:22:47 AM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Joycellen Floyd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 414.00 Mb Available Physical Memory | 40.00% Memory free
926.00 Mb Paging File | 469.00 Mb Available in Paging File | 51.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.60 Gb Free Space | 31.18% Space Free | Partition Type: NTFS
Drive D: | 7.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DELL | User Name: Joycellen Floyd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/29 17:27:57 | 000,006,148 | -H-- | M] () -- C:\.DS_Store
[2010/05/29 12:33:36 | 000,058,684 | ---- | M] () -- C:\aaw7boot.log
[2006/07/25 21:27:32 | 000,003,143 | ---- | M] () -- C:\acttmp.dat
[2005/12/15 21:58:19 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/15 21:58:19 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/24 20:39:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/01 21:34:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/06 18:02:47 | 000,013,833 | ---- | M] () -- C:\ComboFix.txt
[2004/01/05 19:34:24 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2004/01/04 22:19:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/23 21:14:21 | 000,016,922 | ---- | M] () -- C:\drwtsn32.log
[2005/01/23 22:54:51 | 000,024,576 | ---- | M] () -- C:\Experimental Matrix.doc
[2008/02/18 18:21:28 | 000,084,526 | ---- | M] () -- C:\fort_sdc-1.jpg
[2004/09/02 22:08:52 | 000,022,016 | ---- | M] () -- C:\Gary Garrels.doc
[2010/12/11 08:47:21 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/13 17:15:23 | 001,427,740 | ---- | M] () -- C:\hpfr5550.log
[2008/12/13 17:15:23 | 000,000,550 | ---- | M] () -- C:\hpfr5550.xml
[2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/06/25 21:47:18 | 000,033,436 | ---- | M] () -- C:\iTrip.xml
[2007/01/28 14:28:03 | 000,024,064 | ---- | M] () -- C:\Joe Science Project.doc
[2004/09/02 10:37:28 | 000,028,672 | ---- | M] () -- C:\Madeleine Grynsztejn.doc
[2007/01/28 18:34:11 | 000,031,744 | ---- | M] () -- C:\Media paper.doc
[2004/01/04 22:19:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/01/15 15:19:36 | 000,000,389 | ---- | M] () -- C:\My Documents.lnk
[2005/08/23 07:25:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/16 10:37:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/01/21 15:47:40 | 000,020,480 | ---- | M] () -- C:\parking permit ticket review.doc
[2004/09/02 22:08:34 | 000,031,744 | ---- | M] () -- C:\Philippe de Montebello kimmelman profile.doc
[2006/01/20 19:26:30 | 000,001,754 | ---- | M] () -- C:\photodex-presenter-install.log
[2006/06/23 13:24:19 | 000,184,320 | ---- | M] () -- C:\PlayerHost.dll
[2006/01/01 22:07:42 | 000,001,419 | ---- | M] () -- C:\smitfiles.txt
[2007/10/27 11:59:06 | 000,005,092 | ---- | M] () -- C:\st leo lion_alumni gif.gif
[2007/10/27 19:18:11 | 000,035,560 | ---- | M] () -- C:\st leo logo edited.jpg
[2007/10/27 13:08:41 | 000,030,861 | ---- | M] () -- C:\st leo logo.jpg
[2010/07/09 22:26:19 | 000,066,048 | ---- | M] () -- C:\Zinsser Tips.doc
[2007/01/27 16:25:22 | 000,000,162 | -H-- | M] () -- C:\~$e Science Project.doc

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/01/04 13:58:17 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/01/04 13:58:17 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/01/04 13:58:17 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /md5 >
[2008/04/13 10:46:18 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=C1536905AD2067812A238BCE998F4BFF -- C:\WINDOWS\system32\drivers\1394bus.sys
[2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 -- C:\WINDOWS\system32\drivers\ac97intc.sys
[2008/04/13 10:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2001/08/18 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) MD5=9859C0F6936E723E4892D7141B1327D5 -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 08:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[2008/08/14 02:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 10:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) MD5=03A7E0922ACFE1B07D5DB2EEB0773063 -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2008/04/13 10:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) MD5=CB08AED0DE2DD889A8A820CD8082D83C -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) MD5=95B4FB835E28AA1336CEEB07FD5B9398 -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 10:31:32 | 000,037,376 | ---- | M] (Microsoft Corporation) MD5=D7701D7E72243286CC88C9973D891057 -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 10:31:33 | 000,037,760 | ---- | M] (Microsoft Corporation) MD5=8FCE268CDBDD83B23419D1F35F42C7B1 -- C:\WINDOWS\system32\drivers\amdk7.sys
[2001/07/25 17:56:48 | 000,167,309 | ---- | M] (Conexant Systems) MD5=76C432D458995DCBF17F7AED9766F9E6 -- C:\WINDOWS\system32\drivers\amosnt.sys
[2006/12/07 14:56:02 | 000,015,104 | ---- | M] (ArcSoft, Inc.) MD5=DB3241F2573E1FB9837AE561FA4622DF -- C:\WINDOWS\system32\drivers\ArcSoftVirtualCapture.sys
[2008/04/13 10:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) MD5=B5B8A80875C1DEDEDA8B02765642C32F -- C:\WINDOWS\system32\drivers\arp1394.sys
[2004/01/04 23:46:43 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) MD5=D880831279ED91F9A4190A2DB9539EA9 -- C:\WINDOWS\system32\drivers\asctrm.sys
[2008/04/13 10:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=B153AFFAC761E7F5FCFA822B9C4E97BC -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:29:29 | 000,056,623 | ---- | M] (ATI Technologies Inc.) MD5=D649C57DA6FA762C64013747E5D7D2D6 -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 21:29:29 | 000,011,615 | ---- | M] (ATI Technologies Inc.) MD5=60B6AA2DC1521DA343F781B70EB7895A -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 21:29:29 | 000,012,047 | ---- | M] (ATI Technologies Inc.) MD5=6FDC61E8E8E17F6ECC2D9A10FA8DF347 -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 21:29:30 | 000,030,671 | ---- | M] (ATI Technologies Inc.) MD5=9D318099BF3876A4AF4BC75966D27603 -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 21:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 21:29:31 | 000,026,367 | ---- | M] (ATI Technologies Inc.) MD5=DAC7D785CF62F5BD41441E9D6F5A6EFE -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 21:29:31 | 000,021,343 | ---- | M] (ATI Technologies Inc.) MD5=F7706DAE7D101F1B19CE552D772EBFCE -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 21:29:31 | 000,036,463 | ---- | M] (ATI Technologies Inc.) MD5=6F714B4720DD80FFA9F8D2731594EA4C -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 21:29:31 | 000,029,455 | ---- | M] (ATI Technologies Inc.) MD5=67FFBC158DD4D27BA3FC92C6ACD87F73 -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 21:29:31 | 000,034,735 | ---- | M] (ATI Technologies Inc.) MD5=0D8CAB1F08F7D3C4DE228B49E12E596A -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2001/08/17 04:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) MD5=9027AE586EF5F0E6A40175E92917B44C -- C:\WINDOWS\system32\drivers\ati2mpaa.sys
[2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) MD5=075E091EEBB450EEDAE9DA74F5B46494 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 21:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) MD5=8759322FFC1A50569C1E5528EE8026B7 -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 21:29:27 | 000,057,856 | ---- | M] (ATI Technologies Inc.) MD5=993E7BD6438FE989E328C6B4BCA246A9 -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 21:29:28 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=ED4C2BF8403F4437987C0BA09CF48716 -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 21:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) MD5=E90AC2B14E98F1A4372E5891B4278784 -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 21:29:29 | 000,052,224 | ---- | M] (ATI Technologies Inc.) MD5=DA36687D701C833430605A298731410B -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 21:29:30 | 000,104,960 | ---- | M] (ATI Technologies Inc.) MD5=A7A01B907DB63898D40B0A14248FF9A2 -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 21:29:30 | 000,028,672 | ---- | M] (ATI Technologies Inc.) MD5=CEDDEE2E0591894D19654D458FD3B9BE -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 21:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) MD5=D80A8F6C0A717446496C3A06D33B0D9C -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 21:29:31 | 000,073,216 | ---- | M] (ATI Technologies Inc.) MD5=EDD66332608D27F4FD5069BCD0BC5164 -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 21:29:31 | 000,031,744 | ---- | M] (ATI Technologies Inc.) MD5=3E7D485CBD0B0D9F6EA2AD9442411831 -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 21:29:31 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 10:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=9916C1225104BA14794209CFA8012159 -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2001/08/18 04:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) MD5=39A0A59180F19946374275745B21AEBA -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 10:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=AE76348A2605FB197FA8FF1D6F547836 -- C:\WINDOWS\system32\drivers\atmlane.sys
[2001/08/18 04:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) MD5=E7EF69B38D17BA01F914AE8F66216A38 -- C:\WINDOWS\system32\drivers\atmuni.sys
[2007/04/13 09:30:39 | 000,025,136 | ---- | M] (America Online) MD5=0D74D0AA2ECCB5E2019B5E10C38AFD19 -- C:\WINDOWS\system32\drivers\atwpkt2.sys
[2007/04/13 09:30:43 | 000,033,592 | ---- | M] (America Online) MD5=D63802C63DCAC9D2450333105C81E91E -- C:\WINDOWS\system32\drivers\atwpkt264.sys
[2001/08/17 05:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=D9F724AA26C010A217C97606B160ED68 -- C:\WINDOWS\system32\drivers\audstub.sys
[2009/02/13 11:17:49 | 000,045,416 | ---- | M] (Avira GmbH) MD5=5B44C214F9CD9F590BE9125347610380 -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2010/11/22 18:18:34 | 000,061,960 | ---- | M] (Avira GmbH) MD5=47B879406246FFDCED59E18D331A0E7D -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/06/17 14:27:26 | 000,022,360 | ---- | M] (Avira GmbH) MD5=87451AA7CC6B6A590EBCEA05E755075A -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2010/08/02 15:10:10 | 000,126,856 | ---- | M] (Avira GmbH) MD5=F8C56231ED5ECF7D1B46B0330880CCEF -- C:\WINDOWS\system32\drivers\avipbb.sys
[2001/07/18 19:01:56 | 000,077,426 | ---- | M] (Conexant Systems) MD5=9372CC48814A17E67C28945EB4ACC189 -- C:\WINDOWS\system32\drivers\basic2.sys
[2008/04/13 10:46:21 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=56B7F78228CC41FFA1F5BDF3AF799D19 -- C:\WINDOWS\system32\drivers\bdasup.sys
[2001/08/18 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
[2008/04/13 10:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=F934D1B230F84E1D19DD00AC5A7A83ED -- C:\WINDOWS\system32\drivers\bridge.sys
[2008/04/13 10:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=B279426E3C0C344893ED78A613A73BDE -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 10:46:33 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=FCA6F069597B62D42495191ACE3FC6C1 -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 10:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) MD5=80602B8746D3738F5886CE3D67EF06B6 -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 03:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) MD5=662BFD909447DD9CC15B1A1C366583B4 -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 10:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) MD5=BB68CEBFFD181E18A26112D1B9F90F3D -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 10:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=61364CD71EF63B0F038B7E9DF00F1EFA -- C:\WINDOWS\system32\drivers\bthusb.sys
[2008/01/07 12:31:18 | 000,049,904 | R--- | M] (Avanquest Software) MD5=248DFA5762DDE38DFDDBBD44149E9D7A -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
[2001/08/18 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) MD5=90A673FC8E12A79AFBED2576F6A7AAF9 -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 10:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=0BE5AEF125BE881C4F854C554F2B025C -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2001/08/18 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 11:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) MD5=C885B02847F5D2FD45A24E219ED93B32 -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/04/13 10:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2001/08/18 04:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) MD5=B562592B7F5759C99E179CA467ECFB4C -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 11:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINDOWS\system32\drivers\classpnp.sys
[2001/08/18 04:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) MD5=9624293E55AD405415862B504CA95B73 -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 10:31:32 | 000,036,736 | ---- | M] (Microsoft Corporation) MD5=F50D9BDBB25CCE075E514DC07472A22F -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 10:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 10:40:44 | 000,014,208 | ---- | M] (Microsoft Corporation) MD5=E65E2353A5D74EA89971CB918EEEB2F6 -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 10:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) MD5=D992FE1274BDE0F84AD826ACAE022A41 -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 10:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=7C824CF7BBDE77D95C08005717A95F6F -- C:\WINDOWS\system32\drivers\dmio.sys
[2001/08/18 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) MD5=E9317282A63CA4D188C0DF5E09C6AC5F -- C:\WINDOWS\system32\drivers\dmload.sys
[2004/08/03 21:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) MD5=7BB3AA595E4507A788DE1CDC63F4C8C4 -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 21:29:40 | 000,011,935 | ---- | M] (Intel(R) Corporation) MD5=36E6C405B6143D09687F4056FD9A0D10 -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 10:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=E20B95BAEDB550F32DD489265C1DA1F6 -- C:\WINDOWS\system32\drivers\wanarp.sys
[2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) MD5=0A716C08CB13C3A8F4F51E882DBF7416 -- C:\WINDOWS\system32\drivers\wanatw4.sys
[2004/08/03 21:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) MD5=352FA0E98BC461CE1CE5D41F64DB558D -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 21:29:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) MD5=791CC45DE6E50445BE72E8AD6401FF45 -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2006/11/02 06:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) MD5=FD47474BD21794508AF449D9D91AF6E6 -- C:\WINDOWS\system32\drivers\wdf01000.sys
[2006/11/02 06:22:52 | 000,032,224 | ---- | M] (Microsoft Corporation) MD5=DED98A3E466251CCAB93D579144B048C -- C:\WINDOWS\system32\drivers\wdfldr.sys
[2008/04/13 11:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) MD5=6768ACF64B18196494413695F0C3A00F -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2001/08/18 04:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) MD5=2F31B7F954BED437F2C75026C65CAF7B -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) MD5=CF4DEF1BF66F06964DC0D91844239104 -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2001/08/18 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 10:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) MD5=C98B39829C2BBD34E454150633C62C78 -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) MD5=F15FEAFFFBB3644CCC80C5DA584E6311 -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=28B524262BCE6DE1F7EF9F510BA3985B -- C:\WINDOWS\system32\drivers\WudfRd.sys

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 16:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 16:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 16:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< >

< End of report >
 
I increased the paging file as instructed and RootRepeal still hung while initializing. I let it sit more than an hour and finally got another message saying low on virtual memory. I increased each value by 1000 and tried again and it still hung. Can I make it bigger still?

Thanks!

jack
 
Hello Jack :),

Please hang in there. I would like to seek some second opinions and get back to you soon. Thanks.

For the paging file, please keep to the figures I provided.
 
Hello Jack :),

How are you connecting to the Internet? By router? May I know the brand and model?
 
Hi Jack and/or Jill.

An easy one. I have a DSL connection and use an Actiontec DSL Gateway modem and a Netgear Range Max wireless modem for the rest of the house. The machine we're working on is connected by wire directly to the modem.

Best,

jack
 