TechSpot

[A] 206.161.121.6 trojan sirefef

By Ellca1012
Jun 6, 2012
  1. My son inadvertently let this bug in and now I am unable to remove it. I have tried using AVG, Norton 360 as well as Malwarebytes; all declare my computer clean, but Norton keeps alerting me to a high usage in Win322 and Malwarebytes keeps blocking outgoing access to 206.161.121.6 and 78.41.203.118. HELP!! I need to get this bug off my PC, any suggestions?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.06.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Carmen 2 :: ELLIOTT [administrator]
    Protection: Enabled
    6/7/2012 7:37:13 PM
    mbam-log-2012-06-07 (19-37-13).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247258
    Time elapsed: 33 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
     
  4. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-07 20:34:50
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600AAJS-75PSA0 rev.05.06H05
    Running: rff42hlb[1].exe; Driver: C:\DOCUME~1\CARMEN~1\LOCALS~1\Temp\ugldapog.sys

    ---- Kernel code sections - GMER 1.0.15 ----
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA920EA00]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3984
    .text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A42DC
    .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A432B
    .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A438B
    .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A43B2
    .text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
    .text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4477
    .text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A444D
    .text C:\WINDOWS\System32\svchost.exe[1096] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4278
    .text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3332] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00263984
    ---- Devices - GMER 1.0.15 ----
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 868312E2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 868312E2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 868312E2
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 868312E2
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- EOF - GMER 1.0.15 ----
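
A triage helper for GMER output of the kind posted above, added here as an example and not part of the original thread or of GMER itself: it parses the user-mode code-section lines, separates exports redirected by a JMP into memory below the 0x00400000 image-base floor (a heuristic threshold chosen for this example, not a GMER rule) from exports patched into a forced-return stub, and reports which 64 KB region each process's hooks land in. The sample lines are copied from the GMER log in the post above; `suspect_processes` and its threshold of three redirected exports are this example's own choices.

```python
import re

# Sample input: lines copied from the GMER user-code-section log posted above.
# GMER 1.0.15 prints one line per modified export: the process image and PID,
# the hooked module!export, its address, the number of patched bytes, and
# either a JMP target or the raw patched bytes with a short disassembly.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3984
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A42DC
.text C:\WINDOWS\System32\svchost.exe[1096] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\System32\svchost.exe[1096] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4477
.text C:\WINDOWS\System32\svchost.exe[1096] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4278
.text C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[3332] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00263984
---- Devices - GMER 1.0.15 ----
"""

# One GMER user-mode hook line: process[pid] module!export address N Bytes <rest>
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<export>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)")
PATCH_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f, ]+)\]\s*(?:\{(?P<asm>[^}]*)\})?")

# Heuristic for this example: Win32 executables are normally mapped at or above
# 0x00400000 and system DLLs much higher (ntdll is at 0x7C90xxxx in the log).
# A JMP below that floor lands in an anonymous allocation (heap/VirtualAlloc),
# which is where injected code usually lives rather than in any loaded image.
IMAGE_BASE_FLOOR = 0x00400000


def parse_gmer_user_hooks(text):
    """Return one dict per '.text' hook line; other GMER lines are skipped."""
    hooks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hook = {
            "process": f"{m['proc']}[{m['pid']}]",
            "export": f"{m['module']}!{m['export']}",
            "address": int(m["addr"], 16),
            "patched_bytes": int(m["n"]),
            "kind": "other", "target": None, "asm": "",
        }
        rest = m["rest"]
        jmp, patch = JMP_RE.match(rest), PATCH_RE.match(rest)
        if jmp:                      # 5-byte JMP trampoline into another region
            hook["kind"] = "jmp"
            hook["target"] = int(jmp["target"], 16)
        elif patch:                  # inline byte patch with GMER's disassembly
            hook["kind"] = "patch"
            hook["asm"] = (patch["asm"] or "").strip()
        hooks.append(hook)
    return hooks


def classify(hook):
    """Label a hook by what the modification does to the export."""
    if hook["kind"] == "jmp" and hook["target"] < IMAGE_BASE_FLOOR:
        return "jmp-to-unbacked-memory"
    if hook["kind"] == "patch" and "RET" in hook["asm"].upper():
        return "forced-return-stub"  # export neutered to return a constant
    return "other-modification"


def triage(text):
    """Group hooks per process and record the 64 KB regions JMPs land in."""
    report = {}
    for h in parse_gmer_user_hooks(text):
        entry = report.setdefault(h["process"], {
            "jmp-to-unbacked-memory": [], "forced-return-stub": [],
            "other-modification": [], "regions": set(),
        })
        entry[classify(h)].append(h["export"])
        if h["kind"] == "jmp":
            # Several exports funnelled into one region = one injected block.
            entry["regions"].add(f"0x{h['target'] & ~0xFFFF:08x}")
    for entry in report.values():
        entry["regions"] = sorted(entry["regions"])
    return report


def suspect_processes(report, min_redirected=3):
    """Processes with at least min_redirected exports sent to unbacked memory.
    Security products also hook some of these APIs, so corroborate with other
    indicators (e.g. the blocked outbound connections the poster reported)."""
    return sorted(p for p, r in report.items()
                  if len(r["jmp-to-unbacked-memory"]) >= min_redirected)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for proc, entry in result.items():
        print(proc, entry)
    print("suspect:", suspect_processes(result))
```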
     
  5. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/6/2007 2:06:59 PM
    System Uptime: 6/7/2012 7:32:49 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0KW628
    Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Microprocessor | 1995/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 132.957 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1214: 3/2/2012 5:43:12 PM - System Checkpoint
    RP1215: 3/3/2012 6:42:11 PM - System Checkpoint
    RP1216: 3/4/2012 7:42:07 PM - System Checkpoint
    RP1217: 3/5/2012 8:42:07 PM - System Checkpoint
    RP1218: 3/6/2012 9:42:08 PM - System Checkpoint
    RP1219: 3/7/2012 10:42:08 PM - System Checkpoint
    RP1220: 3/8/2012 11:42:06 PM - System Checkpoint
    RP1221: 3/10/2012 12:42:06 AM - System Checkpoint
    RP1222: 3/11/2012 2:42:05 AM - System Checkpoint
    RP1223: 3/12/2012 3:42:07 AM - System Checkpoint
    RP1224: 3/13/2012 4:42:05 AM - System Checkpoint
    RP1225: 3/14/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1226: 3/15/2012 3:24:21 AM - System Checkpoint
    RP1227: 3/16/2012 4:24:20 AM - System Checkpoint
    RP1228: 3/17/2012 5:24:20 AM - System Checkpoint
    RP1229: 3/18/2012 6:24:20 AM - System Checkpoint
    RP1230: 3/19/2012 7:24:20 AM - System Checkpoint
    RP1231: 3/20/2012 8:24:20 AM - System Checkpoint
    RP1232: 3/21/2012 9:24:20 AM - System Checkpoint
    RP1233: 3/22/2012 10:24:21 AM - System Checkpoint
    RP1234: 3/23/2012 10:25:28 AM - System Checkpoint
    RP1235: 3/24/2012 10:26:07 AM - System Checkpoint
    RP1236: 3/25/2012 10:49:30 AM - System Checkpoint
    RP1237: 3/26/2012 11:24:22 AM - System Checkpoint
    RP1238: 3/27/2012 12:24:23 PM - System Checkpoint
    RP1239: 3/28/2012 12:34:08 PM - System Checkpoint
    RP1240: 3/29/2012 12:45:40 PM - System Checkpoint
    RP1241: 3/30/2012 1:34:31 PM - System Checkpoint
    RP1242: 3/31/2012 2:06:45 PM - System Checkpoint
    RP1243: 4/1/2012 2:34:31 PM - System Checkpoint
    RP1244: 4/2/2012 4:42:09 PM - System Checkpoint
    RP1245: 4/3/2012 6:02:28 PM - System Checkpoint
    RP1246: 4/4/2012 6:29:27 PM - System Checkpoint
    RP1247: 4/5/2012 7:28:25 PM - System Checkpoint
    RP1248: 4/6/2012 8:23:44 PM - System Checkpoint
    RP1249: 4/7/2012 8:28:23 PM - System Checkpoint
    RP1250: 4/8/2012 9:28:22 PM - System Checkpoint
    RP1251: 4/9/2012 10:28:22 PM - System Checkpoint
    RP1252: 4/10/2012 11:28:22 PM - System Checkpoint
    RP1253: 4/11/2012 3:00:14 AM - Software Distribution Service 3.0
    RP1254: 4/12/2012 3:29:50 AM - System Checkpoint
    RP1255: 4/13/2012 3:34:21 AM - System Checkpoint
    RP1256: 4/14/2012 4:34:21 AM - System Checkpoint
    RP1257: 4/15/2012 5:34:21 AM - System Checkpoint
    RP1258: 4/16/2012 6:34:21 AM - System Checkpoint
    RP1259: 4/17/2012 7:34:21 AM - System Checkpoint
    RP1260: 4/18/2012 8:34:21 AM - System Checkpoint
    RP1261: 4/19/2012 8:51:35 AM - System Checkpoint
    RP1262: 4/20/2012 8:53:08 AM - System Checkpoint
    RP1263: 4/21/2012 9:51:24 AM - System Checkpoint
    RP1264: 4/22/2012 9:52:29 AM - System Checkpoint
    RP1265: 4/23/2012 10:51:24 AM - System Checkpoint
    RP1266: 4/24/2012 12:32:13 PM - System Checkpoint
    RP1267: 4/25/2012 12:46:42 PM - System Checkpoint
    RP1268: 4/26/2012 12:51:25 PM - System Checkpoint
    RP1269: 4/27/2012 12:54:47 PM - System Checkpoint
    RP1270: 4/28/2012 12:55:48 PM - System Checkpoint
    RP1271: 4/29/2012 1:36:57 PM - System Checkpoint
    RP1272: 4/30/2012 2:34:53 PM - System Checkpoint
    RP1273: 5/1/2012 2:51:27 PM - System Checkpoint
    RP1274: 5/2/2012 3:58:45 PM - System Checkpoint
    RP1275: 5/3/2012 4:22:11 PM - System Checkpoint
    RP1276: 5/4/2012 6:23:38 PM - System Checkpoint
    RP1277: 5/5/2012 7:22:10 PM - System Checkpoint
    RP1278: 5/6/2012 8:35:09 PM - System Checkpoint
    RP1279: 5/7/2012 9:34:10 PM - System Checkpoint
    RP1280: 5/8/2012 10:22:09 PM - System Checkpoint
    RP1281: 5/9/2012 11:22:09 PM - System Checkpoint
    RP1282: 5/10/2012 11:23:15 PM - System Checkpoint
    RP1283: 5/11/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1284: 5/12/2012 3:32:22 AM - System Checkpoint
    RP1285: 5/13/2012 4:32:22 AM - System Checkpoint
    RP1286: 5/14/2012 5:32:22 AM - System Checkpoint
    RP1287: 5/15/2012 6:10:50 AM - System Checkpoint
    RP1288: 5/16/2012 7:10:50 AM - System Checkpoint
    RP1289: 5/17/2012 8:10:50 AM - System Checkpoint
    RP1290: 5/18/2012 9:10:49 AM - System Checkpoint
    RP1291: 5/19/2012 10:10:50 AM - System Checkpoint
    RP1292: 5/20/2012 11:10:50 AM - System Checkpoint
    RP1293: 5/21/2012 12:10:49 PM - System Checkpoint
    RP1294: 5/22/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1295: 5/23/2012 3:10:53 AM - System Checkpoint
    RP1296: 5/24/2012 4:10:53 AM - System Checkpoint
    RP1297: 5/25/2012 4:11:58 AM - System Checkpoint
    RP1298: 5/26/2012 5:10:53 AM - System Checkpoint
    RP1299: 5/27/2012 6:10:54 AM - System Checkpoint
    RP1300: 5/28/2012 7:10:54 AM - System Checkpoint
    RP1301: 5/29/2012 5:01:05 PM - System Checkpoint
    RP1302: 5/29/2012 8:50:46 PM - Removed AVG 2012
    RP1303: 5/29/2012 8:52:17 PM - Removed AVG 2012
    RP1304: 5/30/2012 6:58:18 PM - Norton 360 Registry Clean
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11.6
    AVG PC Tuneup
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Dell ETS Factory Installation
    DSmobile 600
    DSmobileSCAN II
    ERA Software Manager
    Frontier High Speed Internet
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Image Plugin
    Integration Assistant 3
    Intel(R) Graphics Media Accelerator Driver
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Professional
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    OpenOffice.org Installer 1.0
    PowerDVD
    Productivity 3 Toolbar
    ProQuest Product Licenser
    Rhapsody
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Update Manager
    SearchAssist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923789)
    Sonic Activation Module
    SpeedyPC Pro
    Spinco Download Manager
    StarPL
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2598845)
    URL Assistant
    Vz In Home Agent
    WebEx
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/7/2012 7:41:15 PM, error: Print [6161] - The document http://www.techspot.com/community/topics/updated-5-step-viruses owned by Carmen 2 failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of the spool file in bytes: 4883452. Number of bytes printed: 0. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\ELLIOTT. Win32 error code returned by the print processor: 0 (0x0).
    6/2/2012 8:55:32 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
    6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The UCS Install NT Service service failed to start due to the following error: The system cannot find the path specified.
    6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The REY PSCVersionService service failed to start due to the following error: The system cannot find the file specified.
    6/2/2012 7:39:55 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    6/2/2012 7:38:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/2/2012 7:11:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/2/2012 7:08:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
    6/2/2012 7:06:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    6/2/2012 4:14:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    6/2/2012 10:26:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    .
    ==== End Of File ===========================
     
  6. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    duplicate
     
  7. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You posted Attach.txt part of DDS twice.
    I still need DDS.txt log.
     
  8. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Carmen 2 at 20:40:06 on 2012-06-07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.278 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\WINDOWS\system32\dlcxcoms.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Rey\Bin\Ucsinsvc.exe
    C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro2.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - c:\program files\productivity_3\prxtbPro2.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NCNETWORKSDM] "c:\program files\ncnetworksdm\bin\sprtcmd.exe" /P NCNETWORKSDM
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194376528525
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194376586009
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\carmen 2\application data\mozilla\firefox\profiles\dhvcimm2.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
    R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-2 654408]
    R2 REY Install NT Service;REY Install NT Service;c:\rey\bin\UcsInSvc.exe [2010-9-10 98304]
    R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\sprtsvc.exe [2010-6-17 206120]
    R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\ncnetworksdm\bin\tgsrvc.exe [2010-6-17 185640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-2 22344]
    S2 gupdate1ca27f0cb39b8f4;Google Update Service (gupdate1ca27f0cb39b8f4);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
    S2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\pscversionservice.exe --> c:\rey\bin\PscVersionService.exe [?]
    S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\services\ucsinsvc.exe --> c:\ucc\services\UcsInSvc.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-30 129976]
    .
    =============== Created Last 30 ================
    .
    2012-06-07 23:48:06 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Adobe
    2012-06-03 00:40:22 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Mozilla
    2012-06-02 23:40:18 -------- d-----w- c:\documents and settings\carmen 2\application data\Malwarebytes
    2012-06-02 20:15:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 20:15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-02 20:15:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-05-29 20:42:26 -------- d-sh--w- c:\documents and settings\carmen 2\PrivacIE
    2012-05-29 03:49:28 -------- d-sh--w- c:\documents and settings\carmen 2\IECompatCache
    2012-05-29 03:48:20 -------- d-----w- c:\documents and settings\carmen 2\application data\PriceGong
    2012-05-29 03:47:52 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Conduit
    2012-05-29 03:47:10 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\Productivity_3
    2012-05-29 03:46:24 -------- d-----w- c:\documents and settings\carmen 2\local settings\application data\SupportSoft
    2012-05-28 23:42:27 -------- d-----w- c:\program files\common files\SpeedyPC Software
    2012-05-28 23:42:26 -------- d-----w- c:\program files\SpeedyPC Software
    2012-05-28 23:42:26 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
    .
    ==================== Find3M ====================
    .
    2012-05-04 17:16:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 17:16:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 17:16:12 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600AAJS-75PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868314B1]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8683893c]; MOV EAX, [0x86838ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x86D86AB8]
    3 CLASSPNP[0xF7572FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x86876F18]
    \Driver\atapi[0x86977580] -> IRP_MJ_CREATE -> 0x868314B1
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x868312E2
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 20:41:34.64 ===============
     
  9. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    20:53:23.0843 0688 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    20:53:23.0890 0688 ============================================================
    20:53:23.0890 0688 Current date / time: 2012/06/07 20:53:23.0890
    20:53:23.0890 0688 SystemInfo:
    20:53:23.0890 0688
    20:53:23.0890 0688 OS Version: 5.1.2600 ServicePack: 3.0
    20:53:23.0890 0688 Product type: Workstation
    20:53:23.0890 0688 ComputerName: ELLIOTT
    20:53:23.0890 0688 UserName: Carmen 2
    20:53:23.0890 0688 Windows directory: C:\WINDOWS
    20:53:23.0890 0688 System windows directory: C:\WINDOWS
    20:53:23.0890 0688 Processor architecture: Intel x86
    20:53:23.0890 0688 Number of processors: 2
    20:53:23.0890 0688 Page size: 0x1000
    20:53:23.0890 0688 Boot type: Normal boot
    20:53:23.0890 0688 ============================================================
    20:53:26.0750 0688 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    20:53:26.0781 0688 ============================================================
    20:53:26.0781 0688 \Device\Harddisk0\DR0:
    20:53:26.0781 0688 MBR partitions:
    20:53:26.0781 0688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
    20:53:26.0781 0688 ============================================================
    20:53:26.0843 0688 C: <-> \Device\Harddisk0\DR0\Partition0
    20:53:26.0843 0688 ============================================================
    20:53:26.0843 0688 Initialize success
    20:53:26.0843 0688 ============================================================
    20:53:31.0171 2480 ============================================================
    20:53:31.0171 2480 Scan started
    20:53:31.0171 2480 Mode: Manual;
    20:53:31.0171 2480 ============================================================
    20:53:41.0718 2480 swenum - ok
    20:53:41.0718 2480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    20:53:41.0718 2480 swmidi - ok
    20:53:41.0734 2480 SwPrv - ok
    20:53:41.0781 2480 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    20:53:41.0781 2480 symc810 - ok
    20:53:41.0796 2480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    20:53:41.0796 2480 symc8xx - ok
    20:53:41.0812 2480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    20:53:41.0812 2480 sym_hi - ok
    20:53:41.0812 2480 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    20:53:41.0812 2480 sym_u3 - ok
    20:53:41.0843 2480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    20:53:41.0843 2480 sysaudio - ok
    20:53:41.0890 2480 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    20:53:41.0890 2480 SysmonLog - ok
    20:53:41.0921 2480 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    20:53:41.0937 2480 TapiSrv - ok
    20:53:41.0968 2480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    20:53:42.0015 2480 Tcpip - ok
    20:53:42.0062 2480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    20:53:42.0062 2480 TDPIPE - ok
    20:53:42.0078 2480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    20:53:42.0078 2480 TDTCP - ok
    20:53:42.0156 2480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    20:53:42.0156 2480 TermDD - ok
    20:53:42.0203 2480 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    20:53:42.0250 2480 TermService - ok
    20:53:42.0328 2480 tgsrvc_ncnetworksdm - ok
    20:53:42.0375 2480 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    20:53:42.0390 2480 Themes - ok
    20:53:42.0421 2480 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    20:53:42.0437 2480 TlntSvr - ok
    20:53:42.0453 2480 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    20:53:42.0468 2480 TosIde - ok
    20:53:42.0500 2480 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    20:53:42.0500 2480 TrkWks - ok
    20:53:42.0531 2480 UCS Install NT Service - ok
    20:53:42.0546 2480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    20:53:42.0562 2480 Udfs - ok
    20:53:42.0578 2480 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    20:53:42.0578 2480 ultra - ok
    20:53:42.0640 2480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    20:53:42.0640 2480 Update - ok
    20:53:42.0703 2480 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    20:53:42.0703 2480 upnphost - ok
    20:53:42.0734 2480 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    20:53:42.0734 2480 UPS - ok
    20:53:42.0765 2480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    20:53:42.0765 2480 usbaudio - ok
    20:53:42.0781 2480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    20:53:42.0781 2480 usbccgp - ok
    20:53:42.0828 2480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    20:53:42.0828 2480 usbehci - ok
    20:53:42.0828 2480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    20:53:42.0843 2480 usbhub - ok
    20:53:42.0859 2480 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    20:53:42.0859 2480 usbprint - ok
    20:53:42.0890 2480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    20:53:42.0890 2480 usbscan - ok
    20:53:42.0921 2480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    20:53:42.0921 2480 USBSTOR - ok
    20:53:42.0921 2480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20:53:42.0921 2480 usbuhci - ok
    20:53:42.0937 2480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    20:53:42.0937 2480 VgaSave - ok
    20:53:42.0984 2480 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    20:53:42.0984 2480 viaagp - ok
    20:53:43.0000 2480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    20:53:43.0000 2480 ViaIde - ok
    20:53:43.0031 2480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    20:53:43.0031 2480 VolSnap - ok
    20:53:43.0078 2480 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    20:53:43.0109 2480 VSS - ok
    20:53:43.0171 2480 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    20:53:43.0171 2480 w32time - ok
    20:53:43.0218 2480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    20:53:43.0234 2480 Wanarp - ok
    20:53:43.0234 2480 WDICA - ok
    20:53:43.0250 2480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    20:53:43.0250 2480 wdmaud - ok
    20:53:43.0296 2480 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    20:53:43.0296 2480 WebClient - ok
    20:53:43.0390 2480 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    20:53:43.0406 2480 winmgmt - ok
    20:53:43.0468 2480 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    20:53:43.0468 2480 WmdmPmSN - ok
    20:53:43.0531 2480 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    20:53:43.0578 2480 Wmi - ok
    20:53:43.0625 2480 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    20:53:43.0625 2480 WmiApSrv - ok
    20:53:43.0750 2480 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    20:53:43.0781 2480 WMPNetworkSvc - ok
    20:53:43.0828 2480 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    20:53:43.0828 2480 wscsvc - ok
    20:53:43.0875 2480 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    20:53:43.0906 2480 wuauserv - ok
    20:53:43.0984 2480 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    20:53:43.0984 2480 WudfPf - ok
    20:53:44.0000 2480 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    20:53:44.0000 2480 WudfRd - ok
    20:53:44.0015 2480 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    20:53:44.0015 2480 WudfSvc - ok
    20:53:44.0078 2480 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    20:53:44.0093 2480 WZCSVC - ok
    20:53:44.0171 2480 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    20:53:44.0171 2480 xmlprov - ok
    20:53:44.0203 2480 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    20:53:44.0250 2480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    20:53:44.0250 2480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    20:53:44.0281 2480 Boot (0x1200) (3fcdddab4f35a1210d9e28fe8729ffdd) \Device\Harddisk0\DR0\Partition0
    20:53:44.0296 2480 \Device\Harddisk0\DR0\Partition0 - ok
    20:53:44.0296 2480 ============================================================
    20:53:44.0296 2480 Scan finished
    20:53:44.0296 2480 ============================================================
    20:53:44.0296 3224 Detected object count: 1
    20:53:44.0296 3224 Actual detected object count: 1
    20:54:06.0781 3224 \Device\Harddisk0\DR0\# - copied to quarantine
    20:54:06.0781 3224 \Device\Harddisk0\DR0 - copied to quarantine
    20:54:06.0796 3224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    20:54:06.0796 3224 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:54:06.0828 3224 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:54:06.0828 3224 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:54:06.0843 3224 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:54:06.0843 3224 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    20:54:06.0890 3224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    20:54:06.0890 3224 \Device\Harddisk0\DR0 - ok
    20:54:07.0984 3224 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    20:54:12.0796 3512 Deinitialize success
     
  11. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ==========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    When I hit Ctrl + C the screen turns white. I open Notepad and hit Ctrl + V, and it eerily looks like the TDSS log. Is that correct?
     
  13. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    duplicate
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That was the TDSSKiller log.

    On your desktop you should see a bootkit_remover_debug_log.txt file.
    Post its content.
     
  15. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-07 21:14:37
    -----------------------------
    21:14:37.203 OS Version: Windows 5.1.2600 Service Pack 3
    21:14:37.203 Number of processors: 2 586 0xF0D
    21:14:37.203 ComputerName: ELLIOTT UserName:
    21:14:37.859 Initialize success
    21:17:27.312 AVAST engine defs: 12060701
    21:17:44.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    21:17:44.453 Disk 0 Vendor: WDC_WD1600AAJS-75PSA0 05.06H05 Size: 152587MB BusType: 3
    21:17:44.484 Disk 0 MBR read successfully
    21:17:44.484 Disk 0 MBR scan
    21:17:44.546 Disk 0 Windows XP default MBR code
    21:17:44.546 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
    21:17:44.562 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 96390
    21:17:44.562 Disk 0 scanning sectors +312496380
    21:17:44.687 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:17:55.671 Service scanning
    21:18:11.453 Modules scanning
    21:18:18.687 Disk 0 trace - called modules:
    21:18:18.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    21:18:18.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d87ab8]
    21:18:18.703 3 CLASSPNP.SYS[f7572fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d3cd98]
    21:18:19.312 AVAST engine scan C:\WINDOWS
    21:18:27.281 AVAST engine scan C:\WINDOWS\system32
    21:20:55.046 AVAST engine scan C:\WINDOWS\system32\drivers
    21:21:12.390 AVAST engine scan C:\Documents and Settings\Carmen 2
    21:22:59.500 AVAST engine scan C:\Documents and Settings\All Users
    21:23:50.375 Scan finished successfully
    21:25:01.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carmen 2\Desktop\MBR.dat"
    21:25:01.671 The log file has been saved successfully to "C:\Documents and Settings\Carmen 2\Desktop\aswMBR.txt"
     
  16. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    .\debug.cpp(238) : Debug log started at 08.06.2012 - 01:11:59
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
    .\debug.cpp(256) : 0xf7a32000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
    .\debug.cpp(256) : 0xf7942000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0xf7403000 0x0002e000 "ACPI.sys"
    .\debug.cpp(256) : 0xf7a34000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0xf73f2000 0x00011000 "pci.sys"
    .\debug.cpp(256) : 0xf7532000 0x0000a000 "isapnp.sys"
    .\debug.cpp(256) : 0xf7afa000 0x00001000 "pciide.sys"
    .\debug.cpp(256) : 0xf77b2000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0xf7542000 0x0000b000 "MountMgr.sys"
    .\debug.cpp(256) : 0xf73d3000 0x0001f000 "ftdisk.sys"
    .\debug.cpp(256) : 0xf7a36000 0x00002000 "dmload.sys"
    .\debug.cpp(256) : 0xf73ad000 0x00026000 "dmio.sys"
    .\debug.cpp(256) : 0xf77ba000 0x00005000 "PartMgr.sys"
    .\debug.cpp(256) : 0xf7552000 0x0000d000 "VolSnap.sys"
    .\debug.cpp(256) : 0xf7395000 0x00018000 "atapi.sys"
    .\debug.cpp(256) : 0xf7562000 0x00009000 "disk.sys"
    .\debug.cpp(256) : 0xf7572000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0xf7375000 0x00020000 "fltmgr.sys"
    .\debug.cpp(256) : 0xf7363000 0x00012000 "sr.sys"
    .\debug.cpp(256) : 0xf734d000 0x00016000 "DRVMCDB.SYS"
    .\debug.cpp(256) : 0xf7582000 0x00009000 "PxHelp20.sys"
    .\debug.cpp(256) : 0xf7336000 0x00017000 "KSecDD.sys"
    .\debug.cpp(256) : 0xf72a9000 0x0008d000 "Ntfs.sys"
    .\debug.cpp(256) : 0xf727c000 0x0002d000 "NDIS.sys"
    .\debug.cpp(256) : 0xf7262000 0x0001a000 "Mup.sys"
    .\debug.cpp(256) : 0xf75a2000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0xf70fd000 0x0010c000 "\SystemRoot\system32\DRIVERS\igxpmp32.sys"
    .\debug.cpp(256) : 0xf70e9000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0xf78a2000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0xf70c5000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0xf78aa000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0xf709d000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0xf7073000 0x0002a000 "\SystemRoot\system32\DRIVERS\b57xp32.sys"
    .\debug.cpp(256) : 0xf78b2000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
    .\debug.cpp(256) : 0xf705f000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
    .\debug.cpp(256) : 0xf75b2000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
    .\debug.cpp(256) : 0xf79fe000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
    .\debug.cpp(256) : 0xf75c2000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
    .\debug.cpp(256) : 0xf7a5e000 0x00002000 "\SystemRoot\System32\Drivers\DLACDBHM.SYS"
    .\debug.cpp(256) : 0xf75d2000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0xf75e2000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
    .\debug.cpp(256) : 0xf703c000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0xf7c29000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
    .\debug.cpp(256) : 0xf75f2000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0xf7a06000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0xf7025000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0xf7602000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0xf7612000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0xf78ba000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0xf7014000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
    .\debug.cpp(256) : 0xf7622000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
    .\debug.cpp(256) : 0xf78c2000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
    .\debug.cpp(256) : 0xf78ca000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
    .\debug.cpp(256) : 0xf6fe4000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
    .\debug.cpp(256) : 0xf7632000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0xf78d2000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0xf78da000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0xf7a60000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0xf6f5e000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
    .\debug.cpp(256) : 0xf7a26000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0xf7652000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0xf7662000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0xf7a62000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0xa9f22000 0x00040000 "\SystemRoot\system32\drivers\ADIHdAud.sys"
    .\debug.cpp(256) : 0xa9efe000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0xf7672000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0xa9dfe000 0x00060000 "\SystemRoot\system32\drivers\Senfilt.sys"
    .\debug.cpp(256) : 0xf78e2000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
    .\debug.cpp(256) : 0xf79da000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
    .\debug.cpp(256) : 0xf78f2000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0xf7a68000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0xf7b9c000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0xf7a6a000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0xf7902000 0x00006000 "\SystemRoot\System32\Drivers\DLARTL_M.SYS"
    .\debug.cpp(256) : 0xf790a000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0xf7912000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0xf7a6c000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
    .\debug.cpp(256) : 0xf7a6e000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0xf791a000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0xf7922000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0xf79ea000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
    .\debug.cpp(256) : 0xa9da3000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
    .\debug.cpp(256) : 0xa9d4a000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
    .\debug.cpp(256) : 0xa9cfa000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0xa9cd4000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
    .\debug.cpp(256) : 0xa8ff2000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
    .\debug.cpp(256) : 0xf76b2000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0xa8fc7000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0xa8f57000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0xf76c2000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
    .\debug.cpp(256) : 0xf76d2000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0xf6fd0000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
    .\debug.cpp(256) : 0xf7932000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
    .\debug.cpp(256) : 0xf6fcc000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0xf76e2000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0xf77ca000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
    .\debug.cpp(256) : 0xf7712000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
    .\debug.cpp(256) : 0xf722d000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
    .\debug.cpp(256) : 0xf7229000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0xa8f17000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0xf7a80000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
    .\debug.cpp(256) : 0xbf800000 0x001c7000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0xa9dd6000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0xf77fa000 0x00005000 "\SystemRoot\System32\watchdog.sys"
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0xf7b37000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
    .\debug.cpp(256) : 0xbf022000 0x00027000 "\SystemRoot\System32\igxpgd32.dll"
    .\debug.cpp(256) : 0xbf012000 0x00010000 "\SystemRoot\System32\igxprd32.dll"
    .\debug.cpp(256) : 0xbf049000 0x0013d000 "\SystemRoot\System32\igxpdv32.DLL"
    .\debug.cpp(256) : 0xbf186000 0x00200000 "\SystemRoot\System32\igxpdx32.DLL"
    .\debug.cpp(256) : 0xbf386000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0xa8e73000 0x00004000 "\??\C:\WINDOWS\system32\drivers\mbam.sys"
    .\debug.cpp(256) : 0xa9e9e000 0x0000b000 "\SystemRoot\System32\Drivers\DRVNDDM.SYS"
    .\debug.cpp(256) : 0xf7bc3000 0x00001000 "\SystemRoot\System32\DLA\DLADResM.SYS"
    .\debug.cpp(256) : 0xa8dbf000 0x00018000 "\SystemRoot\System32\DLA\DLAIFS_M.SYS"
    .\debug.cpp(256) : 0xf7812000 0x00005000 "\SystemRoot\System32\DLA\DLAOPIOM.SYS"
    .\debug.cpp(256) : 0xf7a9e000 0x00002000 "\SystemRoot\System32\DLA\DLAPoolM.SYS"
    .\debug.cpp(256) : 0xf781a000 0x00007000 "\SystemRoot\System32\DLA\DLABMFSM.SYS"
    .\debug.cpp(256) : 0xf7822000 0x00007000 "\SystemRoot\System32\DLA\DLABOIOM.SYS"
    .\debug.cpp(256) : 0xa8da9000 0x00016000 "\SystemRoot\System32\DLA\DLAUDFAM.SYS"
    .\debug.cpp(256) : 0xa8d92000 0x00017000 "\SystemRoot\System32\DLA\DLAUDF_M.SYS"
    .\debug.cpp(256) : 0xa8e13000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0xa8b35000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
    .\debug.cpp(256) : 0xa8a58000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
    .\debug.cpp(256) : 0xa8e97000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
    .\debug.cpp(256) : 0xf7aca000 0x00002000 "\??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys"
    .\debug.cpp(256) : 0xa86d5000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0xa7f58000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
    .\debug.cpp(256) : 0xa7d79000 0x00009000 "\SystemRoot\system32\DRIVERS\ipfltdrv.sys"
    .\debug.cpp(256) : 0xa7a6d000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000029"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b0dc341a-1879-11e1-a80b-001aa0dbdc06}"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
    .\debug.cpp(400) : Destination "\Device\Ip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&23116b25&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
    .\debug.cpp(400) : Destination "\Device\Parallel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000028"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_01DA1028&REV_02#3&172e68dd&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
    .\debug.cpp(400) : Destination "\Device\IPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_2003#5&18e0a94f&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
    .\debug.cpp(400) : Destination "\Device\NDProxy"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
    .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&2b8fcfeb&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&40094b8&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\FloppyPDO0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_01DA1028&REV_02#3&172e68dd&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
    .\debug.cpp(400) : Destination "\Device\Serial0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{23996D71-0B1E-411E-B2B2-E59EDF8353F5}"
    .\debug.cpp(400) : Destination "\Device\{23996D71-0B1E-411E-B2B2-E59EDF8353F5}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000037"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_01DA1028&REV_02#3&172e68dd&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
    .\debug.cpp(400) : Destination "\Device\Usbscan0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3828bed4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
    .\debug.cpp(400) : Destination "\Device\IPNAT"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
    .\debug.cpp(400) : Destination "\Device\PSched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#8&2b8fcfeb&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
    .\debug.cpp(400) : Destination "\Device\I2OExec"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Dell&Prod_USB_Mass_Storage&Rev_1.00#7&2af10d4b&0&88ZLGB1&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000067"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2992&SUBSYS_01DA1028&REV_02#3&172e68dd&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000002d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
    .\debug.cpp(400) : Destination "\Device\VideoPdo0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&6ba2591&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPFILTERDRIVER"
    .\debug.cpp(400) : Destination "\Device\IPFILTERDRIVER"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset2F10C00Length253DB0EC00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000002c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination "\Device\USBFDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000002b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination "\Device\USBFDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_167A&SUBSYS_01DA1028&REV_02#4&21e4e6e0&0&00E4#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
    .\debug.cpp(400) : Destination "\Device\sysaudio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DR3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E6984F7-592D-47F6-98D0-801C944188C5}"
    .\debug.cpp(400) : Destination "\Device\{8E6984F7-592D-47F6-98D0-801C944188C5}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_01DA1028&REV_02#3&172e68dd&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____#5&1a4d1015&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
    .\debug.cpp(400) : Destination "\Device\USBFDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&64061ba&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
    .\debug.cpp(400) : Destination "\Device\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{a8bdfc47-9b46-4bc3-97ea-7d092a5c1b72}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
    .\debug.cpp(400) : Destination "\Device\USBFDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvnddm"
    .\debug.cpp(400) : Destination "\Device\drvnddm"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____#5&1a4d1015&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
    .\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c408#5&198140ad&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9431-8c9b-11dc-a5e3-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_5115&MI_02#7&719cf89&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000066"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9430-8c9b-11dc-a5e3-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&61efccb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2c6be34e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000038"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_11D4&DEV_1983&SUBSYS_102801DA&REV_1004#4&33439bc3&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{99805ECF-EE0C-47CB-AFA1-A37216867C24}"
    .\debug.cpp(400) : Destination "\Device\{99805ECF-EE0C-47CB-AFA1-A37216867C24}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_2003#6&9f75d98&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000068"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
    .\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000027"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115#88ZLGB1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_413c&Pid_2003#6&9f75d98&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000068"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD1600AAJS-75PSA0___________________05.06H05#5&7935f70&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{1ecb9432-8c9b-11dc-a5e3-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\Floppy0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&25ebac29&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
    .\debug.cpp(400) : Destination "\Device\Floppy0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NdisWanIp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c408#6&d0567be&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_01DA1028&REV_02#3&172e68dd&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
    .\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination "\Device\ParTechInc0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000002a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_01DA1028&REV_02#3&172e68dd&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\00000031"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
    .\debug.cpp(400) : Destination "\Device\DmLoader"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination "\Device\ParTechInc1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
    .\debug.cpp(400) : Destination "\Device\Parallel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
    .\debug.cpp(400) : Destination "\Device\NdisTapi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
    .\debug.cpp(400) : Destination "\Device\drvmcdb"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
    .\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1b8e453e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD+-RW_GSA-H31N_______________B109____#5&1a4d1015&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&10671e48&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
    .\debug.cpp(400) : Destination "\Device\MBAMProtector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BASFND"
    .\debug.cpp(400) : Destination "\Device\BASFND"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2993&SUBSYS_01DA1028&REV_02#3&172e68dd&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000030"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c408#6&d0567be&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115&MI_00#6&3819bf4c&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
    .\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000002f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
    .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_01DA1028&REV_02#3&172e68dd&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_413c&Pid_5115&MI_01#6&3819bf4c&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
    .\debug.cpp(400) : Destination "\Device\00000061"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
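
The symbolic-link dump and boot-sector summary above are what the helper checks by eye before replying. As an added example, not code from the thread or from TDSSKiller, here is a small Python triage parser for that log format. It assumes the line shapes visible in the posted log (`debug.cpp(369)` carries the object name, `(400)` the link destination, `(409)` the record terminator, and the `boot_cleaner.cpp` lines carry the MD5 and MBR status); the sample log in the block is a constructed excerpt in the same shape, and the list of "expected" target namespaces is an assumption for illustration, not a rule from the tool.

```python
"""Triage parser for TDSSKiller-style verbose log lines (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Record shapes taken from the posted log; the (369)/(400)/(409) numbers are
# source-line markers the tool prints, so we key on them rather than on position.
SYMLINK_RE = re.compile(r'debug\.cpp\(369\) : SymbolicLink "([^"]*)"')
DEVICE_RE = re.compile(r'debug\.cpp\(369\) : Device "([^"]*)"')
DEST_RE = re.compile(r'debug\.cpp\(400\) : Destination "([^"]*)"')
END_RE = re.compile(r'debug\.cpp\(409\) : --')
MD5_RE = re.compile(r'Boot sector MD5 is: ([0-9a-fA-F]{32})')
MBR_RE = re.compile(r'boot_cleaner\.cpp\(\d+\) : (\d+ \w+) (\\\\\.\\PhysicalDrive\d+) (.+)$')
DRIVE_RE = re.compile(r'\\GLOBAL\?\?\\([A-Z]:)')

# Assumed "normal" namespaces for link targets in this log (assumption for
# illustration, not a TDSSKiller rule); anything else deserves a second look.
EXPECTED_TARGET_PREFIXES = ("\\Device\\", "\\DosDevices\\", "\\FileSystem\\", "\\GLOBAL??")

# Constructed excerpt in the same shape as the posted log (not the full dump).
SAMPLE_LOG = r"""
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
    .\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
    .\debug.cpp(400) : Destination "\Device\Floppy0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
    .\debug.cpp(400) : Destination "\Device\MBAMProtector"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1152) : Done;
"""


@dataclass
class ObjRecord:
    name: str                    # full object name, e.g. the C: link under GLOBAL??
    kind: str                    # "SymbolicLink" or "Device"
    destination: Optional[str]   # link target; None for Device records


def parse_objects(text: str) -> List[ObjRecord]:
    """Group the 369/400/409 lines into one record per object."""
    records: List[ObjRecord] = []
    current: Optional[ObjRecord] = None
    for line in text.splitlines():
        m = SYMLINK_RE.search(line)
        if m:
            current = ObjRecord(m.group(1), "SymbolicLink", None)
            continue
        m = DEVICE_RE.search(line)
        if m:
            current = ObjRecord(m.group(1), "Device", None)
            continue
        m = DEST_RE.search(line)
        if m and current is not None:
            current.destination = m.group(1)
            continue
        if END_RE.search(line) and current is not None:
            records.append(current)
            current = None
    return records


def drive_letters(records: List[ObjRecord]) -> Dict[str, str]:
    """Where each drive letter resolves; a letter pointing somewhere odd is a red flag."""
    out: Dict[str, str] = {}
    for r in records:
        m = DRIVE_RE.fullmatch(r.name)
        if m and r.kind == "SymbolicLink":
            out[m.group(1)] = r.destination or ""
    return out


def empty_destinations(records: List[ObjRecord]) -> List[str]:
    """Links with an empty target. GLOBALROOT legitimately targets the
    namespace root (an empty string), so it is excluded."""
    return [r.name for r in records
            if r.kind == "SymbolicLink" and r.destination == ""
            and not r.name.endswith("\\GLOBALROOT")]


def unexpected_targets(records: List[ObjRecord]) -> List[Tuple[str, str]]:
    """Links whose target lies outside the namespaces we expect to see."""
    return [(r.name, r.destination) for r in records
            if r.kind == "SymbolicLink" and r.destination
            and not r.destination.startswith(EXPECTED_TARGET_PREFIXES)]


def boot_summary(text: str) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Boot-sector MD5 and per-disk MBR status from the boot_cleaner lines."""
    md5: Optional[str] = None
    disks: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = MD5_RE.search(line)
        if m:
            md5 = m.group(1)
        m = MBR_RE.search(line)
        if m:
            disks.append((m.group(2), m.group(3).strip()))
    return md5, disks


def triage(text: str) -> Dict[str, object]:
    """One-shot summary a responder can read or diff against a known-good machine."""
    records = parse_objects(text)
    md5, disks = boot_summary(text)
    return {
        "objects": len(records),
        "drive_letters": drive_letters(records),
        "empty_destinations": empty_destinations(records),
        "unexpected_targets": unexpected_targets(records),
        "boot_sector_md5": md5,
        "mbr_status": disks,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller log by passing the file contents to `triage()`; the useful workflow is to keep the output from a known-clean machine of the same Windows build and compare the drive-letter map, the MBR status line and the boot-sector MD5 between the two, rather than judging one log in isolation.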
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Those look good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    ComboFix 12-06-07.04 - Carmen 2 06/07/2012 21:48:20.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.542 [GMT -4:00]
    Running from: c:\documents and settings\Carmen 2\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Carmen 2\Application Data\PriceGong
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\407.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\4436.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\I.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\Carmen 2\Application Data\PriceGong\Data\z.txt
    c:\windows\system32\Cache
    c:\windows\system32\Cache\077c683d500ebf65.fb
    c:\windows\system32\Cache\103bd32941421ab2.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2ab1dd6fe84f5db3.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\ea87f5ec972ce832.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-08 00:54 . 2012-06-08 00:54 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-03 02:50 . 2012-06-03 02:50 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-02 20:15 . 2012-06-02 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-06-02 20:15 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-31 00:06 . 2012-05-31 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2012-05-31 00:06 . 2012-05-31 00:06 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-30 00:58 . 2012-05-30 00:58 -------- d-----w- c:\program files\Windows Sidebar
    2012-05-29 03:45 . 2012-05-30 02:16 -------- d-----w- c:\documents and settings\Carmen 2
    2012-05-29 03:03 . 2012-05-29 03:03 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
    2012-05-29 00:43 . 2012-05-29 00:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2012-05-29 00:40 . 2012-05-29 00:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2012-05-29 00:04 . 2012-05-29 00:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
    2012-05-28 23:42 . 2012-05-28 23:42 -------- d-----w- c:\program files\SpeedyPC Software
    2012-05-28 16:11 . 2012-05-28 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-04 17:16 . 2012-04-11 17:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 17:16 . 2011-11-26 23:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-04 17:16 . 2012-05-04 17:16 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-04-11 13:14 . 2004-08-11 21:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2004-08-11 21:00 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2004-08-04 02:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-21 01:19 . 2012-05-31 00:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\Productivity_3\prxtbPro2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}"= "c:\program files\Productivity_3\prxtbPro2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588}"= "c:\program files\Productivity_3\prxtbPro2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1fca4df8-9acd-4dfb-89cc-ddd0082fc588}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "NCNETWORKSDM"="c:\program files\NCNETWORKSDM\bin\sprtcmd.exe" [2010-06-17 206120]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    2004-02-19 09:23 61440 ----a-w- c:\dell\bldbubg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-01-26 13:08 18944 ----a-w- c:\dell\E-Center\EULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2006-07-21 20:50 86016 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2006-07-21 20:48 98304 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 20:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 20:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 21:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2006-07-21 20:47 81920 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2006-05-01 12:07 843776 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 17:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-02-26 01:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\ReynoldsCommon\\ERAccess\\wIntegSM.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\WINDOWS\\system32\\dlcxcoms.exe"=
    "c:\\Rey\\Bin\\Umhwinmg.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5713:TCP"= 5713:TCP:*:Disabled:Reynolds5713
    "5713:UDP"= 5713:UDP:*:Disabled:Reynolds5713
    "5714:TCP"= 5714:TCP:*:Disabled:Reynolds5714
    "5714:UDP"= 5714:UDP:*:Disabled:Reynolds5714
    "5715:TCP"= 5715:TCP:*:Disabled:Reynolds5715
    "5715:UDP"= 5715:UDP:*:Disabled:Reynolds5715
    "5281:TCP"= 5281:TCP:*:Disabled:Reynolds5281
    "5281:UDP"= 5281:UDP:*:Disabled:Reynolds5281
    .
    R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
    R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/2/2012 4:15 PM 654408]
    R2 REY Install NT Service;REY Install NT Service;c:\rey\Bin\UcsInSvc.exe [9/10/2010 12:07 PM 98304]
    R2 sprtsvc_ncnetworksdm;SupportSoft Sprocket Service (ncnetworksdm);c:\program files\NCNETWORKSDM\bin\sprtsvc.exe [6/17/2010 4:59 AM 206120]
    R2 tgsrvc_ncnetworksdm;SupportSoft Repair Service (ncnetworksdm);c:\program files\NCNETWORKSDM\bin\tgsrvc.exe [6/17/2010 4:59 AM 185640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/2/2012 4:15 PM 22344]
    S2 gupdate1ca27f0cb39b8f4;Google Update Service (gupdate1ca27f0cb39b8f4);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2009 11:04 AM 133104]
    S2 REY PSCVersionService;REY PSCVersionService;c:\rey\bin\PscVersionService.exe --> c:\rey\bin\PscVersionService.exe [?]
    S2 UCS Install NT Service;UCS Install NT Service;c:\ucc\Services\UcsInSvc.exe --> c:\ucc\Services\UcsInSvc.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 1:17 PM 257696]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/28/2009 11:04 AM 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/30/2012 8:06 PM 129976]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:16]
    .
    2012-06-08 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
    - c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-03-28 21:20]
    .
    2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 15:04]
    .
    2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-28 15:04]
    .
    2012-05-28 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
    .
    2012-05-30 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
    .
    2012-05-28 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Carmen 2\Application Data\Mozilla\Firefox\Profiles\dhvcimm2.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-07 21:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-06-07 21:55:52
    ComboFix-quarantined-files.txt 2012-06-08 01:55
    .
    Pre-Run: 142,526,308,352 bytes free
    Post-Run: 143,515,611,136 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 268A70DE099657469FC3BAB160611F2E
     
  19. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Looks good.

    How is the computer doing?

    You're not running any AV program.
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    ================================================================================

    Uninstall SpeedyPC Pro.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    Avast did not find anything. I initially installed Norton 360, but it slowed my system way down again and it had the PC tuneup, which was ill-advised. I was unable to remove it, so I removed Norton 360 and installed Avast. I also removed SpeedyPC Pro. Ran OTL -- logs to follow.
     
  21. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 6/7/2012 11:58:41 PM - Run 1
    OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Carmen 2\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.54 Mb Total Physical Memory | 350.57 Mb Available Physical Memory | 34.59% Memory free
    2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 132.99 Gb Free Space | 89.27% Space Free | Partition Type: NTFS

    Computer Name: ELLIOTT | User Name: Carmen 2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2011/07/29 16:06:54 | 000,098,304 | ---- | M] (UCS) -- C:\Rey\Bin\UcsInSvc.exe
    PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/06/17 04:59:54 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe
    PRC - [2010/06/17 04:59:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe
    PRC - [2010/06/17 04:59:28 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
    PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/07 17:50:38 | 001,768,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12060701\algo.dll
    MOD - [2012/05/11 03:07:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/11 03:07:25 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/11 03:07:14 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2011/02/19 22:35:02 | 000,015,872 | ---- | M] () -- C:\Rey\Bin\reyconfig.dll
    MOD - [2010/04/13 15:04:39 | 000,019,456 | ---- | M] () -- C:\Rey\Bin\UCSString.dll
    MOD - [2009/08/08 01:44:36 | 000,049,152 | ---- | M] () -- C:\Rey\Bin\IntelDis.dll
    MOD - [2006/10/20 21:05:50 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxprpr.dll
    MOD - [2006/10/20 02:34:34 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxdrui.dll
    MOD - [2006/10/20 02:33:28 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
    MOD - [2006/09/06 07:13:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcxcfg.dll
    MOD - [2006/08/18 13:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\UCC\Services\UcsInSvc.exe -- (UCS Install NT Service)
    SRV - File not found [Auto | Stopped] -- C:\rey\bin\PscVersionService.exe -- (REY PSCVersionService)
    SRV - [2012/05/04 13:16:17 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/03/06 19:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2011/07/29 16:06:54 | 000,098,304 | ---- | M] (UCS) [Auto | Running] -- C:\Rey\Bin\UcsInSvc.exe -- (REY Install NT Service)
    SRV - [2010/06/17 04:59:54 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\NCNETWORKSDM\bin\tgsrvc.exe -- (tgsrvc_ncnetworksdm) SupportSoft Repair Service (ncnetworksdm)
    SRV - [2010/06/17 04:59:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\NCNETWORKSDM\bin\sprtsvc.exe -- (sprtsvc_ncnetworksdm) SupportSoft Sprocket Service (ncnetworksdm)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 18:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlcxcoms.exe -- (dlcx_device)
    SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CARMEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/06 19:04:25 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 19:03:23 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/03/06 18:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
    DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
    DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071024
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...04ee51b5401&lang=en&ds=AVG&pr=pr&d=2011-12-28 00:53:45&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/07 23:42:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/30 20:06:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/06/02 20:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carmen 2\Application Data\Mozilla\Extensions
    [2012/05/30 20:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2012/06/07 21:54:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Productivity 3 Toolbar) - {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\..\Toolbar\WebBrowser: (Productivity 3 Toolbar) - {1FCA4DF8-9ACD-4DFB-89CC-DDD0082FC588} - C:\Program Files\Productivity_3\prxtbPro2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NCNETWORKSDM] C:\Program Files\NCNETWORKSDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-279607682-2533331918-2848403705-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194376528525 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1194376586009 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23996D71-0B1E-411E-B2B2-E59EDF8353F5}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    Continued in next post-
     
  22. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/07 23:56:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
    [2012/06/07 23:48:48 | 000,112,984 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
    [2012/06/07 23:48:36 | 000,196,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
    [2012/06/07 23:48:35 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
    [2012/06/07 23:48:32 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
    [2012/06/07 23:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
    [2012/06/07 23:42:39 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/06/07 23:42:39 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/06/07 23:42:35 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/06/07 23:42:35 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/06/07 23:42:34 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/06/07 23:42:33 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/06/07 23:42:33 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/06/07 23:42:30 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/06/07 23:42:04 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/06/07 23:42:03 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/06/07 23:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/06/07 23:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/06/07 21:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\PriceGong
    [2012/06/07 21:46:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/06/07 21:45:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/06/07 21:45:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/06/07 21:45:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/06/07 21:45:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/06/07 21:45:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/06/07 21:45:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/07 21:44:30 | 004,539,477 | R--- | C] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
    [2012/06/07 21:14:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
    [2012/06/07 21:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover
    [2012/06/07 20:54:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/07 20:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller
    [2012/06/07 20:40:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Administrative Tools
    [2012/06/07 20:38:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\dds.scr
    [2012/06/07 19:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Adobe
    [2012/06/02 20:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Mozilla
    [2012/06/02 20:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Mozilla
    [2012/06/02 19:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Malwarebytes
    [2012/06/02 16:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/02 16:15:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/06/02 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/02 16:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/05/30 20:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/05/30 20:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/05/30 20:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/05/29 21:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\My Documents\Symantec
    [2012/05/29 20:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2012/05/29 16:42:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\PrivacIE
    [2012/05/28 23:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Sun
    [2012/05/28 23:49:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\IECompatCache
    [2012/05/28 23:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Adobe
    [2012/05/28 23:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Conduit
    [2012/05/28 23:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Google
    [2012/05/28 23:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Productivity_3
    [2012/05/28 23:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\SupportSoft
    [2012/05/28 23:45:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\IETldCache
    [2012/05/28 23:45:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft
    [2012/05/28 23:45:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\Application Data
    [2012/05/28 23:45:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Favorites
    [2012/05/28 23:45:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carmen 2\Cookies
    [2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Macromedia
    [2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Application Data\Identities
    [2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Google
    [2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Desktop
    [2012/05/28 23:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\ApplicationHistory
    [2012/05/28 23:45:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\SendTo
    [2012/05/28 23:45:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Carmen 2\Recent
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Startup
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Videos
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Pictures
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Music
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\My Documents
    [2012/05/28 23:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Accessories
    [2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\Templates
    [2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\PrintHood
    [2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\NetHood
    [2012/05/28 23:45:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Carmen 2\Local Settings
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Roxio
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\PowerDVD DX
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\My Documents\My Google Gadgets
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\Microsoft
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Dell Accessories
    [2012/05/28 23:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carmen 2\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    [2012/05/28 20:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/05/28 20:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/05/28 20:39:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012/05/28 20:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2012/05/28 19:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2012/05/28 11:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/05/28 11:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/05/14 16:06:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe
    [2012/06/07 23:50:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/07 23:50:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
    [2012/06/07 23:50:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/06/07 23:50:02 | 1062,846,464 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/07 23:48:35 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/06/07 23:46:37 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2012/06/07 23:22:28 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/07 21:54:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/06/07 21:46:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/06/07 21:44:43 | 004,539,477 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
    [2012/06/07 21:25:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\MBR.dat
    [2012/06/07 21:14:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
    [2012/06/07 21:05:32 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover.zip
    [2012/06/07 20:50:24 | 002,108,959 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller.zip
    [2012/06/07 20:38:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\dds.scr
    [2012/06/06 14:57:20 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/06/02 16:15:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/30 20:06:12 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/05/29 00:19:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\My Computer.lnk
    [2012/05/28 23:46:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/05/28 23:46:08 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Desktop\Windows Media Player.lnk
    [2012/05/24 01:24:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2012/05/24 01:24:24 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/05/11 03:28:22 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/11 03:06:42 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/11 03:06:42 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/05/11 03:03:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/07 23:46:37 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
    [2012/06/07 21:46:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/06/07 21:46:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/06/07 21:45:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/06/07 21:45:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/06/07 21:45:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/06/07 21:45:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/06/07 21:45:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/06/07 21:25:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\MBR.dat
    [2012/06/07 21:05:32 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\bootkit_remover.zip
    [2012/06/07 20:50:14 | 002,108,959 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\tdsskiller.zip
    [2012/06/06 14:37:02 | 1062,846,464 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/02 16:15:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/30 20:06:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/05/30 20:06:12 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/05/29 00:19:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\My Computer.lnk
    [2012/05/28 23:46:08 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Windows Media Player.lnk
    [2012/05/28 23:46:08 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\Windows Media Player.lnk
    [2012/05/28 23:45:12 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/05/28 23:45:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/05/28 23:45:12 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Desktop\Help and Support.lnk
    [2012/05/28 23:45:12 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/05/28 23:45:11 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Remote Assistance.lnk
    [2012/05/28 23:45:11 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Internet Explorer.lnk
    [2012/05/28 23:45:11 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Carmen 2\Start Menu\Programs\Outlook Express.lnk
    [2012/05/28 14:53:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/02/14 21:03:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/07 18:48:28 | 000,331,264 | ---- | C] () -- C:\WINDOWS\System32\DS600WIA.dll
    [2010/11/04 14:48:04 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll

    ========== LOP Check ==========

    [2011/11/26 19:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
    [2012/06/07 23:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/11/26 19:57:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/05/29 20:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/02/07 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PENTAX
    [2011/08/05 16:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Reynolds
    [2009/02/18 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Snap-on Business Solutions
    [2012/06/07 23:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2012/01/20 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2012/06/07 23:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carmen 2\Application Data\PriceGong
    [2012/02/25 21:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AVG Secure Search
    [2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Paul Logon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/11/07 08:45:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/06/07 21:46:47 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/06/07 21:55:53 | 000,016,505 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/10/23 23:40:44 | 000,005,887 | RH-- | M] () -- C:\dell.sdr
    [2011/10/14 09:37:14 | 000,000,000 | ---- | M] () -- C:\EPC_CLIENT.LOG
    [2012/02/23 10:25:08 | 000,027,136 | ---- | M] () -- C:\FAX SHEET.doc
    [2012/06/07 23:50:02 | 1062,846,464 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:36:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/11 08:26:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/06/07 23:50:01 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/29 08:35:54 | 000,000,090 | ---- | M] () -- C:\Pcterm1.txt
    [2012/06/07 20:54:12 | 000,091,100 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_07.06.2012_20.53.23_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/20 02:33:28 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/10/14 23:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/11 08:30:33 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/05/28 23:46:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 17:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/07 21:14:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carmen 2\Desktop\aswMBR.exe
    [2012/06/07 21:44:43 | 004,539,477 | R--- | M] (Swearware) -- C:\Documents and Settings\Carmen 2\Desktop\ComboFix.exe
    [2012/06/07 23:57:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carmen 2\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/07 23:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/06/07 23:50:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Paul Logon.job
    [2004/08/04 05:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/06/07 23:50:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/07 23:22:28 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/07 23:50:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/05/28 23:46:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Carmen 2\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/06/07 23:50:06 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Carmen 2\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-22 07:03:47

    < >
    < End of report >

    End OTL Txt log-- Ellca1012; Extras txt log to follow
     
  23. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 6/7/2012 11:58:41 PM - Run 1
    OTL by OldTimer - Version 3.2.47.0 Folder = C:\Documents and Settings\Carmen 2\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.54 Mb Total Physical Memory | 350.57 Mb Available Physical Memory | 34.59% Memory free
    2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.26% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 132.99 Gb Free Space | 89.27% Space Free | Partition Type: NTFS

    Computer Name: ELLIOTT | User Name: Carmen 2 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "5713:TCP" = 5713:TCP:*:Enabled:Reynolds5713
    "5713:UDP" = 5713:UDP:*:Enabled:Reynolds5713
    "5714:TCP" = 5714:TCP:*:Enabled:Reynolds5714
    "5714:UDP" = 5714:UDP:*:Enabled:Reynolds5714
    "5715:TCP" = 5715:TCP:*:Enabled:Reynolds5715
    "5715:UDP" = 5715:UDP:*:Enabled:Reynolds5715
    "5281:TCP" = 5281:TCP:*:Enabled:Reynolds5281
    "5281:UDP" = 5281:UDP:*:Enabled:Reynolds5281

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5713:TCP" = 5713:TCP:*:Disabled:Reynolds5713
    "5713:UDP" = 5713:UDP:*:Disabled:Reynolds5713
    "5714:TCP" = 5714:TCP:*:Disabled:Reynolds5714
    "5714:UDP" = 5714:UDP:*:Disabled:Reynolds5714
    "5715:TCP" = 5715:TCP:*:Disabled:Reynolds5715
    "5715:UDP" = 5715:UDP:*:Disabled:Reynolds5715
    "5281:TCP" = 5281:TCP:*:Disabled:Reynolds5281
    "5281:UDP" = 5281:UDP:*:Disabled:Reynolds5281

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\ReynoldsCommon\ERAccess\wIntegSM.exe" = C:\ReynoldsCommon\ERAccess\wIntegSM.exe:*:Enabled:wIntegrate Session Manager -- (Rocket Software)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
    "C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server -- ( )
    "C:\Rey\Bin\Umhwinmg.exe" = C:\Rey\Bin\Umhwinmg.exe:*:Disabled:Umhwinmg -- (UCS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{05227385-5073-46ED-9035-B1910E2613CC}" = DSmobileSCAN II
    "{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{260EB1B5-AA50-4E04-ABA0-361F675213C4}_is1" = Frontier High Speed Internet
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3715EF4B-E9E6-462F-858A-F2E8F1C77170}" = Integration Assistant 3
    "{3D800710-5CB7-49EC-B5D1-5FC14E727025}" = StarPL
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{44F9B9B0-1725-421E-9377-8193E982CE2B}" = DSmobile 600
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{68C063CF-FF7D-49F3-AE93-ED0DA0EAE214}" = Vz In Home Agent
    "{704C2901-0E9C-4E4B-862B-2001DACA314B}" = Spinco Download Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
    "{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "avast" = avast! Internet Security
    "Bell & Howell Product Licenser III" = ProQuest Product Licenser
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Productivity_3 Toolbar" = Productivity 3 Toolbar
    "Rhapsody" = Rhapsody
    "SearchAssist" = SearchAssist
    "SMGINSTL" = ERA Software Manager
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/2/2012 8:34:57 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
    Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
    installation for this product is in progress. You must undo the changes made by
    that installation to continue. Do you want to undo those changes?

    Error - 6/2/2012 8:35:29 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 6/2/2012 8:35:36 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 Professional. The Windows
    installer cannot continue.

    Error - 6/2/2012 8:38:48 PM | Computer Name = ELLIOTT | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/2/2012 8:50:42 PM | Computer Name = ELLIOTT | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 6/2/2012 9:48:21 PM | Computer Name = ELLIOTT | Source = Broadcom ASF IP Monitor | ID = 0
    Description = !ERROR 53 Refreshing BMAPI data

    Error - 6/7/2012 8:56:58 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
    Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
    installation for this product is in progress. You must undo the changes made by
    that installation to continue. Do you want to undo those changes?

    Error - 6/7/2012 8:57:01 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
    Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
    installation for this product is in progress. You must undo the changes made by
    that installation to continue. Do you want to undo those changes?

    Error - 6/7/2012 8:57:05 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11705
    Description = Product: Microsoft Office 2000 Professional -- Error 1705. A previous
    installation for this product is in progress. You must undo the changes made by
    that installation to continue. Do you want to undo those changes?

    Error - 6/7/2012 11:42:18 PM | Computer Name = ELLIOTT | Source = MsiInstaller | ID = 11704
    Description = Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    -- Error 1704.An installation for Microsoft Office 2000 Professional is currently
    suspended. You must undo the changes made by that installation to continue. Do
    you want to undo those changes?

    [ System Events ]
    Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The REY PSCVersionService service failed to start due to the following
    error: %%2

    Error - 6/7/2012 11:24:38 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The UCS Install NT Service service failed to start due to the following
    error: %%3

    Error - 6/7/2012 11:33:26 PM | Computer Name = ELLIOTT | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without
    first being prepared for removal.

    Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The REY PSCVersionService service failed to start due to the following
    error: %%2

    Error - 6/7/2012 11:35:29 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The UCS Install NT Service service failed to start due to the following
    error: %%3

    Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The REY PSCVersionService service failed to start due to the following
    error: %%2

    Error - 6/7/2012 11:50:20 PM | Computer Name = ELLIOTT | Source = Service Control Manager | ID = 7000
    Description = The UCS Install NT Service service failed to start due to the following
    error: %%3


    < End of report >
     
  24. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    Computer is running much faster and seems to be back to where it was prior to my son's handiwork; avast is active after OTL.
     
  25. Ellca1012

    Ellca1012 TS Rookie Topic Starter Posts: 18

    Is my computer clean so I can go back to using it for important things like school, banking etc, without compromising my security?
     
Topic Status:
Not open for further replies.
