trying this after redirect fix failed


#1
Eee PC 58

I have been having redirect trouble on my computer. I tried the Google redirect fix on this site and it did not fix things, so I am trying this. My log from OTL is posted below. Thanks in advance to anyone who can help me. My next step is a new computer if this does not work.

OTL logfile created on: 12/22/2011 2:51:44 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 207.81 Mb Available Physical Memory | 20.49% Memory free
2.38 Gb Paging File | 1.63 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.01 Gb Total Space | 4.13 Gb Free Space | 8.10% Space Free | Partition Type: NTFS
Drive D: | 51.01 Gb Total Space | 50.21 Gb Free Space | 98.43% Space Free | Partition Type: NTFS

Computer Name: ACER-47CBE8A5ED | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 02:49:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2011/12/22 01:52:52 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\David\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/11/20 22:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/19 09:11:09 | 001,698,744 | ---- | M] (MusicLab, LLC) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/08/19 14:39:42 | 000,197,464 | ---- | M] (Speeding Software Inc) -- C:\Program Files\SpeedyComputer\SPPCSmartScan.exe
PRC - [2011/08/19 14:39:20 | 000,218,456 | ---- | M] (Speeding Software Inc) -- C:\Program Files\SpeedyComputer\SPPCReminder.exe
PRC - [2010/07/29 08:09:34 | 001,923,920 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
PRC - [2010/07/22 10:40:22 | 000,091,984 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/07/12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/06/14 12:21:00 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/05/28 15:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/04/27 18:10:00 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/27 18:10:00 | 000,105,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/04/27 18:10:00 | 000,084,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/04/27 18:09:00 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/02 11:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2005/05/19 14:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2003/09/12 01:49:20 | 000,290,816 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
PRC - [2002/10/07 00:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
PRC - [2002/06/17 06:41:23 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [1996/11/17 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/06 08:32:33 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/20 22:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 12:02:12 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4a01a06\mscorlib.dll
MOD - [2011/10/13 12:02:07 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_43aada20\system.drawing.dll
MOD - [2011/10/13 12:01:57 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1078a60e\system.xml.dll
MOD - [2011/10/13 12:01:50 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_23aeee7a\system.windows.forms.dll
MOD - [2011/10/13 12:01:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5c193278\system.dll
MOD - [2011/10/13 12:01:23 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/07/22 10:40:32 | 000,077,648 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\NvtlGps.dll
MOD - [2010/07/22 10:40:26 | 000,050,000 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\NvtlFile.dll
MOD - [2010/07/22 10:40:26 | 000,034,640 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\NvtlEnc.dll
MOD - [2010/07/22 10:40:24 | 000,248,144 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\NvtlConn.dll
MOD - [2010/07/22 10:40:24 | 000,086,352 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\NvtlActv.dll
MOD - [2010/07/22 10:40:22 | 000,091,984 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 10:26:12 | 002,174,976 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 10:18:16 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 10:14:38 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 10:14:38 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 10:14:38 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 10:14:36 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2009/03/20 10:07:54 | 007,497,216 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\QtGui4.dll
MOD - [2009/03/20 10:07:54 | 002,070,016 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\QtCore4.dll
MOD - [2009/03/20 10:07:54 | 001,474,048 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\QtXmlPatterns4.dll
MOD - [2009/03/20 10:07:54 | 000,872,960 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\QtNetwork4.dll
MOD - [2009/03/20 10:07:54 | 000,319,488 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\QtXml4.dll
MOD - [2009/03/20 10:07:54 | 000,120,832 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\Imageformats\qjpeg4.dll
MOD - [2009/03/20 10:07:54 | 000,026,112 | ---- | M] () -- C:\Program Files\Novatel Wireless\MobiLink3\Imageformats\qico4.dll
MOD - [2007/08/07 15:47:46 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/08/07 15:47:46 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/08/07 15:47:46 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/08/07 15:47:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/08/07 15:47:46 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2007/08/07 15:47:44 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/07/31 10:45:30 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2007/06/14 12:22:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
MOD - [2007/05/28 15:30:30 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2007/04/27 18:08:00 | 000,009,376 | ---- | M] () -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/05/19 14:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
MOD - [2002/10/09 10:08:54 | 000,122,880 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll
MOD - [2002/10/07 00:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
MOD - [2002/04/17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
MOD - [1996/11/17 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1996/11/17 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - [2010/07/22 10:40:22 | 000,091,984 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/02/29 17:43:18 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/04/27 18:10:00 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2007/04/27 18:10:00 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/04/27 18:10:00 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/04/27 18:10:00 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/04/27 18:10:00 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/04/27 18:10:00 | 000,105,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/04/27 18:09:00 | 000,048,272 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/04/27 18:09:00 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/04/27 18:08:00 | 000,079,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2005/05/19 14:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/20 20:29:58 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20111103.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2011/10/18 06:41:26 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111208.001\navex15.sys -- (NAVEX15)
DRV - [2011/10/18 06:41:26 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111208.001\naveng.sys -- (NAVENG)
DRV - [2010/07/22 10:40:36 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/06/10 11:14:54 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/06/10 11:14:54 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/06/10 11:14:54 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/06/08 12:35:44 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/05/24 07:40:14 | 000,120,832 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWRmNet.sys -- (NWRmNet)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,035,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/22 18:56:07 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/07/31 10:43:44 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/07/31 10:43:44 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2007/07/31 10:43:42 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2007/05/30 21:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 04:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/05/01 21:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/27 18:10:00 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/22 12:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 12:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/19 14:48:24 | 000,070,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearsh...systemid=2&sr=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...q={searchTerms}
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.4.1.00
FF - prefs.js..keyword.URL: "http://search.bearsh...emid=2&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 02:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 21:30:38 | 000,000,000 | ---D | M]

[2011/10/29 21:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011/12/07 12:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions
[2011/04/11 21:37:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/07 12:44:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/07 08:20:40 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\searchplugins\bing.xml
[2011/12/22 02:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/22 02:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/12/22 02:19:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/29 21:24:01 | 000,002,526 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/22 01:42:57 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPWITOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Mobilink3] File not found
O4 - HKCU..\Run: [SpeedyComputer] C:\Program Files\SpeedyComputer\SPPCLauncher.exe ()
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.161.2.135 142.161.130.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B5C276-BA00-4A07-BD3D-0E8D391A9CD2}: DhcpNameServer = 142.161.2.135 142.161.130.135
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c46b6588-9b79-11df-9fb0-001d7215b66c}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{c46b6588-9b79-11df-9fb0-001d7215b66c}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/22 02:49:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/12/22 01:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\tdsskiller
[2011/12/22 01:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\GooredFix Backups
[2011/12/22 01:55:44 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\David\Desktop\GooredFix.exe
[2011/12/22 01:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Start Menu\Programs\CyberLink PowerDVD
[2011/12/22 01:42:47 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/22 01:42:01 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTM.exe
[2011/12/22 01:41:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/22 01:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/22 01:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/22 01:34:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt-setup.exe
[2011/12/22 01:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\SpeedyComputer
[2011/12/22 01:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedyComputer
[2011/12/22 01:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyComputer
[2011/12/14 13:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\edie dec 10th 11
[2011/12/07 17:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Google
[2011/12/07 17:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/07 17:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/07 17:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/07 17:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Google
[2008/02/29 18:30:13 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2008/02/29 18:28:02 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008/02/29 18:28:02 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe

========== Files - Modified Within 30 Days ==========

[2011/12/22 02:49:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011/12/22 02:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/22 02:19:37 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/22 02:19:37 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/22 01:58:35 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tdsskiller.zip
[2011/12/22 01:55:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\David\Desktop\GooredFix.exe
[2011/12/22 01:53:19 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/12/22 01:53:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/12/22 01:51:40 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/22 01:51:32 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\Svbtcduzyu.job
[2011/12/22 01:51:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/22 01:50:59 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 01:42:57 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/22 01:42:06 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTM.exe
[2011/12/22 01:40:55 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/22 01:40:48 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\David\Desktop\NTREGOPT.lnk
[2011/12/22 01:40:48 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ERUNT.lnk
[2011/12/22 01:37:42 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/22 01:34:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\David\Desktop\erunt-setup.exe
[2011/12/22 01:27:13 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SpeedyComputer.lnk
[2011/12/22 00:37:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/20 15:31:32 | 004,845,568 | -H-- | M] () -- C:\ffastun0.ffx
[2011/12/20 15:31:32 | 001,794,048 | -H-- | M] () -- C:\ffastun.ffl
[2011/12/20 15:31:32 | 000,471,040 | -H-- | M] () -- C:\ffastun.ffo
[2011/12/20 15:31:32 | 000,004,838 | -H-- | M] () -- C:\ffastun.ffa
[2011/12/19 14:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/14 14:05:08 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 13:59:28 | 003,273,792 | ---- | M] () -- C:\Documents and Settings\David\Desktop\5135a.jpg
[2011/12/07 17:46:48 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/07 17:37:19 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/24 13:12:34 | 000,000,583 | ---- | M] () -- C:\WINDOWS\CANCD.INI

========== Files Created - No Company Name ==========

[2011/12/22 02:19:37 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/22 02:19:37 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/22 02:19:36 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/22 01:58:20 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tdsskiller.zip
[2011/12/22 01:40:55 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/12/22 01:40:48 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\David\Desktop\NTREGOPT.lnk
[2011/12/22 01:40:48 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ERUNT.lnk
[2011/12/22 01:27:13 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SpeedyComputer.lnk
[2011/12/14 13:59:23 | 003,273,792 | ---- | C] () -- C:\Documents and Settings\David\Desktop\5135a.jpg
[2011/12/07 17:46:48 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/07 17:37:19 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/07 17:37:19 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/07 17:30:49 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/07 17:30:47 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/05 09:54:28 | 000,094,720 | RHS- | C] () -- C:\WINDOWS\System32\xpsp2resq.dll
[2010/12/16 18:20:20 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2010/08/23 21:27:57 | 000,000,130 | ---- | C] () -- C:\WINDOWS\CLASSIC2.INI
[2010/08/23 21:27:57 | 000,000,091 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2010/05/05 06:59:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2009/08/30 09:44:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SWIFTREC.INI
[2009/08/17 13:52:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/10/28 22:38:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/09 11:35:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2008/05/09 11:35:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\hpw9600k.ini
[2008/05/09 11:34:04 | 000,014,885 | ---- | C] () -- C:\WINDOWS\hpdj9600.ini
[2008/03/18 11:06:49 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2008/03/16 08:24:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LxrSII1s.exe
[2008/03/16 08:23:59 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/03/16 08:23:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LxrUnplug.exe
[2008/03/12 13:40:46 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4O.DLL
[2008/03/03 14:54:11 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/03/03 14:50:18 | 000,000,583 | ---- | C] () -- C:\WINDOWS\CANCD.INI
[2008/03/03 14:23:18 | 000,001,344 | ---- | C] () -- C:\WINDOWS\System32\odbcinst.ini
[2008/03/03 14:21:58 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[2008/03/03 14:21:57 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\Regobj.DLL
[2008/03/02 14:39:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/02 11:43:53 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/01 14:13:53 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/01 14:13:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2008/02/29 18:30:41 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/02/29 18:29:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/02/29 18:28:02 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/02/29 18:27:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2008/02/29 18:15:15 | 000,000,039 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/08/07 17:40:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/07 17:40:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/08/07 16:49:16 | 000,490,540 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/08/07 16:49:16 | 000,090,470 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/08/07 16:44:08 | 000,338,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/07 15:43:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007/08/07 15:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007/08/07 15:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007/08/07 15:43:20 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/06/05 17:24:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007/06/05 16:48:58 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/28 15:56:14 | 001,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/03/22 20:59:10 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2007/01/04 15:10:22 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/08/28 20:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006/08/01 16:02:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/10 15:18:16 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/03 19:43:28 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
[2005/05/03 19:43:28 | 000,034,817 | ---- | C] () -- C:\WINDOWS\System32\suaswun.dll
[2004/08/17 14:22:26 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/17 14:19:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 21:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/14 14:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003/11/24 16:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003/11/24 16:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2003/09/12 01:32:54 | 000,001,363 | ---- | C] () -- C:\WINDOWS\hpwmdl01.dat
[2003/09/12 01:32:54 | 000,000,252 | ---- | C] () -- C:\WINDOWS\hpwins01.dat
[2002/09/13 14:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/13 14:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/12/26 17:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/10/29 21:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\362CE
[2011/10/29 21:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/03/12 13:40:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/29 19:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/10/10 14:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/02/29 17:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/11/05 21:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\bsbandmltbpi
[2008/10/28 06:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\MSNInstaller
[2011/12/22 01:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SpeedyComputer
[2011/12/22 01:51:32 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\Tasks\Svbtcduzyu.job
[2011/12/22 01:53:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.4.1.00
[2011/12/07 12:44:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/07 08:20:40 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\searchplugins\bing.xml
[2011/12/22 02:19:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [Mobilink3] File not found
O4 - HKCU..\Run: [SpeedyComputer] C:\Program Files\SpeedyComputer\SPPCLauncher.exe ()
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (MusicLab, LLC)
[2011/12/22 01:51:32 | 000,000,310 | -HS- | M] () -- C:\WINDOWS\tasks\Svbtcduzyu.job
[2011/11/05 09:54:28 | 000,094,720 | RHS- | C] () -- C:\WINDOWS\System32\xpsp2resq.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
  
:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double-click on TDSSKiller.exe (Vista or Win 7 users must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.


Run OTL

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Eee PC 58

    New Member

  • Topic Starter
  • Member
  • 6 posts
I did the first step and it seems to have fixed the redirect for now. I will post the log and try the next step with Malwarebytes. If I am slow at getting back to the forum, it is only because of the Christmas season, but I am very thankful for the help so far and I will follow through with this to the end.
Thank you again.
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledItems
Prefs.js: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.4.1.00 removed from extensions.enabledItems
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
File move failed. C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mobilink3 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpeedyComputer deleted successfully.
C:\Program Files\SpeedyComputer\SPPCLauncher.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection deleted successfully.
C:\Program Files\Yahoo!\Search Protection\YspService.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BBF74FB9-ABCD-4678-880A-2511DAABB5E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBF74FB9-ABCD-4678-880A-2511DAABB5E1}\ not found.
C:\Program Files\Yahoo!\Search Protection\ysp.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll not found.
C:\WINDOWS\tasks\Svbtcduzyu.job moved successfully.
C:\WINDOWS\system32\xpsp2resq.dll moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\David\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\David\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\David\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\David\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\David\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: David
->Flash cache emptied: 456 bytes

User: david B

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: David
->Java cache emptied: 0 bytes

User: david B
->Java cache emptied: 0 bytes

#4
Eee PC 58

Well, my computer is running better now and I will now try to post the logs from all of the scans I ran.
I am not sure if these are in the right order, but I think it is all of them.
Thank you again for your help.
16:36:28.0515 5532 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:36:30.0515 5532 ============================================================
16:36:30.0515 5532 Current date / time: 2011/12/23 16:36:30.0515
16:36:30.0515 5532 SystemInfo:
16:36:30.0515 5532
16:36:30.0515 5532 OS Version: 5.1.2600 ServicePack: 3.0
16:36:30.0515 5532 Product type: Workstation
16:36:30.0515 5532 ComputerName: ACER-47CBE8A5ED
16:36:30.0515 5532 UserName: David
16:36:30.0515 5532 Windows directory: C:\WINDOWS
16:36:30.0515 5532 System windows directory: C:\WINDOWS
16:36:30.0515 5532 Processor architecture: Intel x86
16:36:30.0515 5532 Number of processors: 2
16:36:30.0515 5532 Page size: 0x1000
16:36:30.0515 5532 Boot type: Normal boot
16:36:30.0515 5532 ============================================================
16:36:30.0843 5532 Initialize success
16:36:34.0546 6136 ============================================================
16:36:34.0546 6136 Scan started
16:36:34.0546 6136 Mode: Manual;
16:36:34.0546 6136 ============================================================
16:36:34.0796 6136 Abiosdsk - ok
16:36:34.0859 6136 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:36:34.0859 6136 abp480n5 - ok
16:36:34.0906 6136 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:36:34.0906 6136 ACPI - ok
16:36:34.0921 6136 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:36:34.0921 6136 ACPIEC - ok
16:36:34.0937 6136 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:36:34.0937 6136 adpu160m - ok
16:36:34.0984 6136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:36:34.0984 6136 aec - ok
16:36:35.0078 6136 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:36:35.0078 6136 AFD - ok
16:36:35.0140 6136 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
16:36:35.0140 6136 AFS2K - ok
16:36:35.0187 6136 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:36:35.0187 6136 agp440 - ok
16:36:35.0265 6136 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:36:35.0265 6136 agpCPQ - ok
16:36:35.0296 6136 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:36:35.0296 6136 Aha154x - ok
16:36:35.0328 6136 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:36:35.0328 6136 aic78u2 - ok
16:36:35.0343 6136 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:36:35.0343 6136 aic78xx - ok
16:36:35.0359 6136 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:36:35.0359 6136 AliIde - ok
16:36:35.0390 6136 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:36:35.0390 6136 alim1541 - ok
16:36:35.0406 6136 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:36:35.0406 6136 amdagp - ok
16:36:35.0421 6136 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:36:35.0421 6136 amsint - ok
16:36:35.0484 6136 AR5211 (6d5f95602b8d0d994d31a864872b38ef) C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:36:35.0484 6136 AR5211 - ok
16:36:35.0593 6136 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:36:35.0593 6136 Arp1394 - ok
16:36:35.0656 6136 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:36:35.0656 6136 asc - ok
16:36:35.0671 6136 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:36:35.0671 6136 asc3350p - ok
16:36:35.0687 6136 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:36:35.0687 6136 asc3550 - ok
16:36:35.0750 6136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:36:35.0750 6136 AsyncMac - ok
16:36:35.0781 6136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:36:35.0781 6136 atapi - ok
16:36:35.0796 6136 Atdisk - ok
16:36:35.0843 6136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:36:35.0843 6136 Atmarpc - ok
16:36:35.0906 6136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:36:35.0906 6136 audstub - ok
16:36:35.0968 6136 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:36:35.0968 6136 b57w2k - ok
16:36:36.0031 6136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:36:36.0031 6136 Beep - ok
16:36:36.0093 6136 catchme - ok
16:36:36.0171 6136 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:36:36.0171 6136 cbidf - ok
16:36:36.0218 6136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:36:36.0218 6136 cbidf2k - ok
16:36:36.0265 6136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:36:36.0265 6136 CCDECODE - ok
16:36:36.0281 6136 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:36:36.0281 6136 cd20xrnt - ok
16:36:36.0312 6136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:36:36.0312 6136 Cdaudio - ok
16:36:36.0406 6136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:36:36.0406 6136 Cdfs - ok
16:36:36.0437 6136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:36:36.0437 6136 Cdrom - ok
16:36:36.0453 6136 Changer - ok
16:36:36.0484 6136 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:36:36.0484 6136 CmBatt - ok
16:36:36.0593 6136 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:36:36.0625 6136 CmdIde - ok
16:36:36.0812 6136 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:36:36.0828 6136 Compbatt - ok
16:36:36.0843 6136 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:36:36.0843 6136 Cpqarray - ok
16:36:36.0875 6136 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:36:36.0875 6136 dac2w2k - ok
16:36:36.0890 6136 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:36:36.0890 6136 dac960nt - ok
16:36:36.0921 6136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:36:36.0921 6136 Disk - ok
16:36:36.0953 6136 DKbFltr (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
16:36:36.0953 6136 DKbFltr - ok
16:36:37.0062 6136 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:36:37.0062 6136 dmboot - ok
16:36:37.0156 6136 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:36:37.0156 6136 dmio - ok
16:36:37.0187 6136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:36:37.0187 6136 dmload - ok
16:36:37.0250 6136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:36:37.0250 6136 DMusic - ok
16:36:37.0265 6136 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:36:37.0265 6136 dpti2o - ok
16:36:37.0296 6136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:36:37.0296 6136 drmkaud - ok
16:36:37.0406 6136 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:36:37.0406 6136 eeCtrl - ok
16:36:37.0453 6136 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:36:37.0453 6136 EraserUtilRebootDrv - ok
16:36:37.0578 6136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:36:37.0578 6136 Fastfat - ok
16:36:37.0609 6136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:36:37.0625 6136 Fdc - ok
16:36:37.0656 6136 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
16:36:37.0656 6136 FETNDIS - ok
16:36:37.0687 6136 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:36:37.0687 6136 Fips - ok
16:36:37.0718 6136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:36:37.0718 6136 Flpydisk - ok
16:36:37.0843 6136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:36:37.0843 6136 FltMgr - ok
16:36:37.0890 6136 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:36:37.0890 6136 fssfltr - ok
16:36:37.0937 6136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:36:37.0937 6136 Fs_Rec - ok
16:36:37.0953 6136 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:36:37.0953 6136 Ftdisk - ok
16:36:37.0968 6136 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
16:36:37.0968 6136 gagp30kx - ok
16:36:38.0015 6136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:36:38.0015 6136 Gpc - ok
16:36:38.0109 6136 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:36:38.0109 6136 HDAudBus - ok
16:36:38.0140 6136 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:36:38.0140 6136 HidUsb - ok
16:36:38.0171 6136 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:36:38.0171 6136 hpn - ok
16:36:38.0218 6136 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:36:38.0218 6136 HSFHWAZL - ok
16:36:38.0281 6136 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:36:38.0281 6136 HSF_DPV - ok
16:36:38.0421 6136 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:36:38.0437 6136 HTTP - ok
16:36:38.0484 6136 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:36:38.0484 6136 i2omgmt - ok
16:36:38.0500 6136 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:36:38.0500 6136 i2omp - ok
16:36:38.0515 6136 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:36:38.0515 6136 i8042prt - ok
16:36:38.0750 6136 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:36:38.0796 6136 ialm - ok
16:36:38.0906 6136 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:36:38.0906 6136 iaStor - ok
16:36:38.0953 6136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:36:38.0953 6136 Imapi - ok
16:36:38.0984 6136 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:36:38.0984 6136 ini910u - ok
16:36:39.0031 6136 int15 (f8f75594c17fe7bce1b4045bb7199868) C:\WINDOWS\system32\drivers\int15.sys
16:36:39.0031 6136 int15 - ok
16:36:39.0281 6136 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:36:39.0312 6136 IntcAzAudAddService - ok
16:36:39.0421 6136 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:36:39.0421 6136 IntelIde - ok
16:36:39.0453 6136 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:36:39.0453 6136 intelppm - ok
16:36:39.0500 6136 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:36:39.0500 6136 Ip6Fw - ok
16:36:39.0578 6136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:36:39.0578 6136 IpFilterDriver - ok
16:36:39.0625 6136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:36:39.0625 6136 IpInIp - ok
16:36:39.0671 6136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:36:39.0671 6136 IpNat - ok
16:36:39.0718 6136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:36:39.0718 6136 IPSec - ok
16:36:39.0781 6136 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
16:36:39.0781 6136 irda - ok
16:36:39.0796 6136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:36:39.0796 6136 IRENUM - ok
16:36:39.0828 6136 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:36:39.0828 6136 isapnp - ok
16:36:39.0859 6136 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:36:39.0859 6136 Kbdclass - ok
16:36:39.0906 6136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:36:39.0906 6136 kmixer - ok
16:36:39.0953 6136 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:36:39.0953 6136 KSecDD - ok
16:36:40.0000 6136 lbrtfdc - ok
16:36:40.0062 6136 LxrSII1d (db7f488269290a8c1907602b7f4c213d) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
16:36:40.0062 6136 LxrSII1d - ok
16:36:40.0109 6136 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
16:36:40.0109 6136 MBAMProtector - ok
16:36:40.0125 6136 MBAMSwissArmy - ok
16:36:40.0171 6136 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:36:40.0171 6136 mdmxsdk - ok
16:36:40.0234 6136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:36:40.0234 6136 mnmdd - ok
16:36:40.0328 6136 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:36:40.0343 6136 Modem - ok
16:36:40.0375 6136 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:36:40.0375 6136 Mouclass - ok
16:36:40.0421 6136 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:36:40.0421 6136 mouhid - ok
16:36:40.0484 6136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:36:40.0484 6136 MountMgr - ok
16:36:40.0562 6136 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:36:40.0562 6136 mraid35x - ok
16:36:40.0578 6136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:36:40.0578 6136 MRxDAV - ok
16:36:40.0625 6136 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:36:40.0640 6136 MRxSmb - ok
16:36:40.0656 6136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:36:40.0656 6136 Msfs - ok
16:36:40.0687 6136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:36:40.0687 6136 MSKSSRV - ok
16:36:40.0765 6136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:36:40.0765 6136 MSPCLOCK - ok
16:36:40.0828 6136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:36:40.0828 6136 MSPQM - ok
16:36:40.0843 6136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:36:40.0843 6136 mssmbios - ok
16:36:40.0875 6136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:36:40.0875 6136 MSTEE - ok
16:36:40.0921 6136 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:36:40.0921 6136 Mup - ok
16:36:41.0000 6136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:36:41.0000 6136 NABTSFEC - ok
16:36:41.0140 6136 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.002\NAVENG.SYS
16:36:41.0140 6136 NAVENG - ok
16:36:41.0218 6136 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111223.002\NAVEX15.SYS
16:36:41.0218 6136 NAVEX15 - ok
16:36:41.0343 6136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:36:41.0343 6136 NDIS - ok
16:36:41.0359 6136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:36:41.0359 6136 NdisIP - ok
16:36:41.0390 6136 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:36:41.0390 6136 NdisTapi - ok
16:36:41.0406 6136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:36:41.0406 6136 Ndisuio - ok
16:36:41.0640 6136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:36:41.0640 6136 NdisWan - ok
16:36:41.0812 6136 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:36:41.0828 6136 NDProxy - ok
16:36:42.0140 6136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:36:42.0140 6136 NetBIOS - ok
16:36:42.0343 6136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:36:42.0343 6136 NetBT - ok
16:36:42.0500 6136 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:36:42.0500 6136 NIC1394 - ok
16:36:42.0562 6136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:36:42.0562 6136 Npfs - ok
16:36:42.0937 6136 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
16:36:42.0937 6136 NSCIRDA - ok
16:36:43.0218 6136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:36:43.0218 6136 Ntfs - ok
16:36:43.0468 6136 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
16:36:43.0468 6136 NTIDrvr - ok
16:36:43.0718 6136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:36:43.0718 6136 Null - ok
16:36:43.0906 6136 NWADI (c83766c4a147159254ff16f1a6c9dc6e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
16:36:43.0921 6136 NWADI - ok
16:36:43.0968 6136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:36:43.0968 6136 NwlnkFlt - ok
16:36:44.0015 6136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:36:44.0015 6136 NwlnkFwd - ok
16:36:44.0109 6136 NWRmNet (cf2ad06d888b8a45da86cef7d2458601) C:\WINDOWS\system32\DRIVERS\NWRmNet.sys
16:36:44.0109 6136 NWRmNet - ok
16:36:44.0156 6136 NWUSBModem_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbmdm_000.sys
16:36:44.0156 6136 NWUSBModem_000 - ok
16:36:44.0171 6136 NWUSBPort2_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbser2_000.sys
16:36:44.0171 6136 NWUSBPort2_000 - ok
16:36:44.0187 6136 NWUSBPort_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbser_000.sys
16:36:44.0187 6136 NWUSBPort_000 - ok
16:36:44.0234 6136 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:36:44.0234 6136 ohci1394 - ok
16:36:44.0359 6136 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:36:44.0359 6136 Parport - ok
16:36:44.0375 6136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:36:44.0375 6136 PartMgr - ok
16:36:44.0406 6136 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:36:44.0406 6136 ParVdm - ok
16:36:44.0453 6136 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
16:36:44.0453 6136 PCASp50 - ok
16:36:44.0484 6136 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:36:44.0484 6136 PCI - ok
16:36:44.0562 6136 PCIDump - ok
16:36:44.0578 6136 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:36:44.0578 6136 PCIIde - ok
16:36:44.0625 6136 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:36:44.0625 6136 Pcmcia - ok
16:36:44.0640 6136 PDCOMP - ok
16:36:44.0656 6136 PDFRAME - ok
16:36:44.0671 6136 PDRELI - ok
16:36:44.0687 6136 PDRFRAME - ok
16:36:44.0703 6136 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:36:44.0703 6136 perc2 - ok
16:36:44.0718 6136 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:36:44.0718 6136 perc2hib - ok
16:36:44.0765 6136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:36:44.0765 6136 PptpMiniport - ok
16:36:44.0796 6136 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:36:44.0796 6136 Processor - ok
16:36:44.0812 6136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:36:44.0812 6136 PSched - ok
16:36:44.0859 6136 psdfilter (32338659e9da79055406f2157cd0e1df) C:\WINDOWS\system32\Drivers\psdfilter.sys
16:36:44.0875 6136 psdfilter - ok
16:36:44.0953 6136 psdvdisk (4c7947014674df40b7af52342a9157d0) C:\WINDOWS\system32\Drivers\psdvdisk.sys
16:36:44.0953 6136 psdvdisk - ok
16:36:45.0000 6136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:36:45.0000 6136 Ptilink - ok
16:36:45.0031 6136 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:36:45.0031 6136 ql1080 - ok
16:36:45.0031 6136 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:36:45.0046 6136 Ql10wnt - ok
16:36:45.0062 6136 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:36:45.0062 6136 ql12160 - ok
16:36:45.0078 6136 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:36:45.0078 6136 ql1240 - ok
16:36:45.0093 6136 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:36:45.0093 6136 ql1280 - ok
16:36:45.0109 6136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:36:45.0109 6136 RasAcd - ok
16:36:45.0140 6136 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:36:45.0140 6136 Rasirda - ok
16:36:45.0234 6136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:36:45.0234 6136 Rasl2tp - ok
16:36:45.0250 6136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:36:45.0250 6136 RasPppoe - ok
16:36:45.0296 6136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:36:45.0296 6136 Raspti - ok
16:36:45.0343 6136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:36:45.0343 6136 Rdbss - ok
16:36:45.0375 6136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:36:45.0390 6136 RDPCDD - ok
16:36:45.0406 6136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:36:45.0421 6136 rdpdr - ok
16:36:45.0515 6136 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:36:49.0187 6136 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
16:36:50.0093 6136 \Device\Harddisk0\DR0 - ok
16:36:50.0125 6136 Boot (0x1200) (925002c4b2c8bb8661783041e53b7cf7) \Device\Harddisk0\DR0\Partition0
16:36:50.0125 6136 \Device\Harddisk0\DR0\Partition0 - ok
16:36:50.0156 6136 Boot (0x1200) (a3e0eb4890bddb5c83268e7ff292cc38) \Device\Harddisk0\DR0\Partition1
16:36:50.0156 6136 \Device\Harddisk0\DR0\Partition1 - ok
16:36:50.0156 6136 ============================================================
16:36:50.0156 6136 Scan finished
16:36:50.0156 6136 ============================================================
16:36:50.0171 4360 Detected object count: 0
16:36:50.0171 4360 Actual detected object count: 0
16:39:34.0593 4952 Deinitialize success

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:20 on 22/12/2011 (David)
Firefox version 8.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:19 22/12/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [17:25 22/12/2011]

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:37 12/04/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [18:44 07/12/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:15 09/04/2011]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:20 10/07/2010]

---------- Old Logs ----------
GooredFix[07.57.08_22-12-2011].txt

-=E.O.F=-

ComboFix 11-12-23.01 - David 12/23/2011 15:59:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.392 [GMT -6:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\David\WINDOWS
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 21:08 . 2011-12-23 21:08 -------- d-----w- c:\documents and settings\David\Application Data\Malwarebytes
2011-12-23 21:08 . 2011-12-23 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-23 21:08 . 2011-12-23 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-23 21:08 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-23 20:33 . 2011-12-23 20:33 -------- d-----w- C:\_OTL
2011-12-22 17:26 . 2011-12-22 17:26 -------- d-----w- c:\program files\Common Files\Java
2011-12-22 07:42 . 2011-12-22 07:42 -------- d-----w- C:\_OTM
2011-12-22 07:40 . 2011-12-22 07:40 -------- d-----w- c:\program files\ERUNT
2011-12-22 07:27 . 2011-12-22 07:27 -------- d-----w- c:\documents and settings\David\Application Data\SpeedyComputer
2011-12-22 07:27 . 2011-12-23 20:34 -------- d-----w- c:\program files\SpeedyComputer
2011-12-07 23:29 . 2011-12-07 23:47 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Google
2011-12-07 23:29 . 2011-12-07 23:46 -------- d-----w- c:\program files\Google
2011-12-06 14:32 . 2011-12-06 14:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2007-03-08 13:47 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2010-07-13 00:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 09:27 . 2010-07-10 00:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 20:35 . 2007-04-18 12:31 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2004-08-05 03:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2004-08-05 03:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2004-08-05 03:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2004-08-05 03:00 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2004-08-05 03:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2007-02-28 09:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2007-02-28 09:16 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-05 03:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-05-16 15:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-05 03:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-05 03:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-05 03:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-21 04:04 . 2011-12-22 08:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-20 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-04-28 84640]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-04-28 26248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-17 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HPWITOOLBOX"="c:\program files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe" [2003-09-12 290816]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-04-28 100032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\David\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-2-29 45056]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-1-12 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-3 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/16/2008 8:23 AM 70016]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/23/2011 3:08 PM 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [7/22/2010 10:40 AM 91984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2011 6:49 AM 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/23/2011 3:08 PM 22216]
R3 NWRmNet;Novatel Wireless RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet.sys [5/24/2010 7:40 AM 120832]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [6/10/2010 11:14 AM 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [6/10/2010 11:14 AM 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [6/10/2010 11:14 AM 176384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/7/2011 5:30 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/7/2011 5:30 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 23:29]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 23:29]
.
2011-10-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - David.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-04-28 00:08]
.
2011-12-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchAssistant = hxxp://search.bearshare.com/web?src=ieb&appid=148&systemid=2&sr=0&q={searchTerms}
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 142.161.2.135 142.161.130.135
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\odmid6wn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-BearShare 2 MediaBar - c:\program files\BearShare Applications\MediaBar\Datamngr\ToolBar\uninstallTB.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 16:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-12-23 16:09:19
ComboFix-quarantined-files.txt 2011-12-23 22:09
.
Pre-Run: 2,784,976,896 bytes free
Post-Run: 3,030,908,928 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FAB6863801F6D79B311EEADE1E84AB65

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122308

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/23/2011 3:19:52 PM
mbam-log-2011-12-23 (15-19-52).txt

Scan type: Quick scan
Objects scanned: 199610
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-23 16:47:36
-----------------------------
16:47:36.703 OS Version: Windows 5.1.2600 Service Pack 3
16:47:36.703 Number of processors: 2 586 0xF0D
16:47:36.703 ComputerName: ACER-47CBE8A5ED UserName: David
16:47:37.421 Initialize success
16:58:27.062 AVAST engine defs: 11122301
17:04:35.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:04:35.796 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
17:04:35.812 Disk 0 MBR read successfully
17:04:35.828 Disk 0 MBR scan
17:04:35.890 Disk 0 unknown MBR code
17:04:35.921 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
17:04:35.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52239 MB offset 20482048
17:04:36.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52232 MB offset 127467520
17:04:36.015 Disk 0 scanning sectors +234438656
17:04:36.109 Disk 0 scanning C:\WINDOWS\system32\drivers
17:04:58.125 Service scanning
17:04:59.578 Modules scanning
17:05:28.515 AVAST engine scan C:\WINDOWS
17:05:49.984 AVAST engine scan C:\WINDOWS\system32
17:08:48.906 AVAST engine scan C:\WINDOWS\system32\drivers
17:09:11.546 AVAST engine scan C:\Documents and Settings\David
17:18:04.093 AVAST engine scan C:\Documents and Settings\All Users
17:20:37.734 Scan finished successfully
17:21:08.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David\Desktop\MBR.dat"
17:21:08.140 The log file has been saved successfully to "C:\Documents and Settings\David\Desktop\aswMBR.txt"

I think that is all of them. I will check back to see if there is anything more that I should be doing or if I have missed a log that was needed.

#5
RKinner

    Malware Expert

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron