[Solved] Being redirected, can't Windows Update or post to this site

Discussion in 'Virus and Malware Removal' started by Rstynls, Oct 25, 2010.

  1. Bobbye Helper on the Fringe

    I missed this earlier. AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated). It's in the Combofix header, running in addition to Avast. I don't see any entries in the log. The program had a trial and if this is what you have, it can be removed. If you do not have it in the installed programs and it only appears in the header, I can remove it from there. If it's installed, follow this:

    The Shield Deluxe 2010, powered by BitDefender: Removal:
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    1. Open the control panel and select "Programs and Features" in Vista or "Add/Remove Programs" in older versions of Windows.
    2. Find The Shield Deluxe in your list of available programs and click "Remove."
    3. Read the choices in the uninstall wizard that pops up. Remove all aspects of the program, including definitions, the protected vaults and user configuration data.
    4. Verify that The Shield Deluxe is no longer checked on the Startup menu.
    5. Wait until the wizard finishes, and then restart your computer into Normal Mode.
    =========================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\lsp21.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ======================================
    Download bootkitremover.rar and save it to your desktop.
    • Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.
    • Double-click on the remover.exe file to run the program.
    • Paste the output in your next reply.
  2. Rstynls Newcomer, in training

    Logs

    Posting this from infected computer, seeing if it works

    Don't have Shield Deluxe installed

    Things starting to seem more stable, something called PEV had an error and closed when combofix ran.

    Logs: Log has been removed as it is unreadable with Word Wrap on. Member advised, scan being repeated.

    ComboFix 10-11-23.01 - Tom 11/23/2010
  3. Rstynls Newcomer, in training

    Logs continued

    It worked

  4. Rstynls Newcomer, in training

    More logs

    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 223 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;
  5. Bobbye Helper on the Fringe

    I've deleted the Combofix log as it is unreadable. When you open Notepad, first go to Format> Uncheck 'Word Wrap', then repeat this to generate new log:

    Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:

    Code:
    File::
    c:\windows\system32\lsp21.tmp
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    You don't have to repeat the Bootscan, but any time you use NotePad for the logs, be sure that Word Wrap is unchecked.
    Note:
    Combofix Log has been removed as it is unreadable with Word Wrap on. Member advised, scan being repeated.
  6. Rstynls Newcomer, in training

    Log

    Note: Got "PEV.cfxxe encountered a problem and needs to close" while combofix was running

    Log:

    ComboFix 10-11-25.06 - Tom 11/26/2010 17:34:31.8.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.613 [GMT -8:00]
    Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: The Shield Deluxe Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

    FILE ::
    "c:\windows\system32\lsp21.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\iexplore.sy_

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
    .

    2010-11-25 08:03 . 2010-11-25 08:04 -------- d-----w- c:\program files\iTunes
    2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-11-03 05:07 . 2010-11-03 05:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Mozilla Corporation
    2010-11-02 01:33 . 2010-11-02 01:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-11-01 19:49 . 2010-11-01 19:49 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-01 19:49 . 2010-11-01 19:49 -------- d-----w- c:\program files\Trend Micro
    2010-10-28 20:36 . 2010-10-28 20:36 -------- d-----w- C:\_OTM
    2010-10-28 20:22 . 2010-10-28 20:22 -------- d-sh--w- c:\documents and settings\Tom\IECompatCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
    2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
    2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
    2010-09-01 11:51 . 2001-08-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2001-08-18 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-25_21.06.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-27 01:22 . 2010-11-27 01:22 16384 c:\windows\Temp\Perflib_Perfdata_ba8.dat
    + 2001-08-18 12:00 . 2010-11-08 06:57 72446 c:\windows\system32\perfc009.dat
    - 2001-08-18 12:00 . 2010-10-08 06:28 72446 c:\windows\system32\perfc009.dat
    + 2010-11-25 08:00 . 2010-09-28 23:44 41984 c:\windows\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaapl.sys
    + 2010-11-25 08:00 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\netaapl.sys
    - 2001-08-18 12:00 . 2010-10-08 06:28 443942 c:\windows\system32\perfh009.dat
    + 2001-08-18 12:00 . 2010-11-08 06:57 443942 c:\windows\system32\perfh009.dat
    + 2010-11-25 07:59 . 2010-11-25 07:59 811008 c:\windows\Installer\14173c0.msi
    + 2010-11-25 08:04 . 2010-11-25 08:04 380928 c:\windows\Installer\{FAE36873-1941-4076-A9A5-48812B5EA0B7}\iTunesIco.exe
    + 2010-11-25 08:00 . 2010-09-28 23:44 4184352 c:\windows\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaaplrc.dll
    + 2010-11-25 08:00 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\wdfcoinstaller01009.dll
    + 2010-11-01 19:49 . 2010-11-01 19:49 1094656 c:\windows\Installer\9aa12.msi
    + 2010-11-25 08:04 . 2010-11-25 08:04 6237184 c:\windows\Installer\1417cb5.msi
    + 2010-11-25 08:00 . 2010-11-25 08:00 3085312 c:\windows\Installer\141740f.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
    "nwiz"="nwiz.exe" [2004-10-29 921600]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
    "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
    "DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
    "WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

    c:\documents and settings\Tom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
    [BU]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    TCAUDIAG.exe -on [X]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9322:TCP"= 9322:TCP:EKDiscovery

    R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 4:35 AM 77056]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 5:32 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 5:32 PM 17744]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 4:18 PM 308656]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 9:17 AM 16168]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 6:17 PM 552448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)
    AddRemove-Mozilla Firefox 4.0b7 (x86 en-US) - g:\files\Mozilla Firefox 4.0 Beta 6\uninstall\helper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-26 17:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2010-11-26 17:42:34
    ComboFix-quarantined-files.txt 2010-11-27 01:42
    ComboFix2.txt 2010-11-24 02:59
    ComboFix3.txt 2010-11-21 01:49
    ComboFix4.txt 2010-11-19 04:33
    ComboFix5.txt 2010-11-27 01:32

    Pre-Run: 168,419,381,248 bytes free
    Post-Run: 168,400,740,352 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 909BF64D0C4F464437FC5598B65B5C13
  7. Bobbye Helper on the Fringe

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File::
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    
    SecCenter::
    {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Advise remove all from Trusted Zone:
    Trusted Zone: aol.com\free
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www

    Internet Options (through Control Panel or Tools in IE)> Security tab> Trusted Sites> Sites> click on each Domain and remove> Click on Apply> OK when through. The security settings are lower in this zone and nothing needs to be there.
    =============================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

    How is the system running now?
  8. Rstynls Newcomer, in training

    Logs

    Running pretty smooth, haven't had any pop ups, crashes or virus alerts

    Logs:

    ComboFix 10-11-30.04 - Tom 11/30/2010 22:24:22.9.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.585 [GMT -8:00]
    Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tom\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
    .

    2010-11-25 08:03 . 2010-11-25 08:04 -------- d-----w- c:\program files\iTunes
    2010-11-25 07:56 . 2010-11-25 07:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-11-19 04:11 . 2010-11-19 04:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-11-03 05:07 . 2010-11-03 05:07 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Mozilla Corporation
    2010-11-02 01:33 . 2010-11-02 01:33 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-11-01 19:49 . 2010-11-01 19:49 388096 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-01 19:49 . 2010-11-01 19:49 -------- d-----w- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2001-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2001-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2001-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50 . 2010-09-26 15:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29 . 2007-04-19 04:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2006-06-23 19:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-06-27 01:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-06-27 01:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-06-30 06:13 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-06-01 01:32 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-06-01 01:32 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-06-01 01:32 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-06-01 01:32 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-06-01 01:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-06-01 01:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-06-01 01:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-06-01 01:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-02 15:21 . 2010-09-26 03:29 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
    2010-09-02 15:17 . 2010-09-26 03:29 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
    2010-09-02 15:17 . 2010-09-26 03:29 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-25_21.06.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-01 06:14 . 2010-12-01 06:14 16384 c:\windows\Temp\Perflib_Perfdata_a10.dat
    + 2001-08-18 12:00 . 2010-11-08 06:57 72446 c:\windows\system32\perfc009.dat
    - 2001-08-18 12:00 . 2010-10-08 06:28 72446 c:\windows\system32\perfc009.dat
    + 2010-11-25 08:00 . 2010-09-28 23:44 41984 c:\windows\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaapl.sys
    + 2010-11-25 08:00 . 2010-04-20 03:29 18432 c:\windows\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\netaapl.sys
    - 2001-08-18 12:00 . 2010-10-08 06:28 443942 c:\windows\system32\perfh009.dat
    + 2001-08-18 12:00 . 2010-11-08 06:57 443942 c:\windows\system32\perfh009.dat
    + 2010-11-25 07:59 . 2010-11-25 07:59 811008 c:\windows\Installer\14173c0.msi
    + 2010-11-25 08:04 . 2010-11-25 08:04 380928 c:\windows\Installer\{FAE36873-1941-4076-A9A5-48812B5EA0B7}\iTunesIco.exe
    + 2010-11-25 08:00 . 2010-09-28 23:44 4184352 c:\windows\system32\DRVSTORE\usbaapl_DECA0B114863448FE4957E5F5676B09528A18C9F\usbaaplrc.dll
    + 2010-11-25 08:00 . 2010-04-20 03:29 1461992 c:\windows\system32\DRVSTORE\netaapl_A0C073C4137716F9478B8B08B2873A7AB3AECF72\wdfcoinstaller01009.dll
    + 2010-11-01 19:49 . 2010-11-01 19:49 1094656 c:\windows\Installer\9aa12.msi
    + 2010-11-25 08:04 . 2010-11-25 08:04 6237184 c:\windows\Installer\1417cb5.msi
    + 2010-11-25 08:00 . 2010-11-25 08:00 3085312 c:\windows\Installer\141740f.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Red Swoosh"="c:\program files\RSSoft\RedSwoosh.exe" [2007-07-19 62436]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-10-29 4620288]
    "nwiz"="nwiz.exe" [2004-10-29 921600]
    "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-10-29 86016]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
    "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-25 868352]
    "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
    "DIGServices"="c:\program files\ESPNRunTime\DIGServices.exe" [2005-05-19 101888]
    "WD Button Manager"="WDBtnMgr.exe" [2007-09-24 364544]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

    c:\documents and settings\Tom\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F5D8053v4\BelkinWCUI.exe [2009-1-12 1474560]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-30 303104]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIxxXn]
    [BU]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0sprestrt

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    TCAUDIAG.exe -on [X]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9322:TCP"= 9322:TCP:EKDiscovery

    R0 viasraid;viasraid;c:\windows\system32\drivers\VIASRAID.SYS [5/13/2010 4:35 AM 77056]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/31/2010 5:32 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/31/2010 5:32 PM 17744]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 4:18 PM 308656]
    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [12/4/2004 9:17 AM 16168]
    S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [12/23/2008 6:17 PM 552448]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: aol.com\free
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com\www
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-30 22:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1800)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-30 22:32:25
    ComboFix-quarantined-files.txt 2010-12-01 06:32
    ComboFix2.txt 2010-11-27 01:42
    ComboFix3.txt 2010-11-24 02:59
    ComboFix4.txt 2010-11-21 01:49
    ComboFix5.txt 2010-12-01 06:22

    Pre-Run: 168,157,089,792 bytes free
    Post-Run: 168,136,790,016 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - A5E1E43C9576ACD4A832DC7CC8587CC1

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:39:05 PM, on 11/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Belkin\F5D8053v4\BelkinWCUI.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O20 - Winlogon Notify: rqRIxxXn - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 8413 bytes
  9. Bobbye Helper on the Fringe

    Okay- please give me an update on your system. Do any of the original problems remain?

    There is one entry I'd like you to check in the HJT log:
    Please reopen HijackThis to 'do system scan only.' Check the following entry if present:

    O20 - Winlogon Notify: rqRIxxXn - Invalid registry found

    Close all Windows except HijackThis and click on "Fix Checked."

    And I'd like you to check this entry:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCASUTIEXE]
    TCAUDIAG.exe -on [X]


    What it is for: TCAUDIAG -off or TCASUTIEXE
    The 'X' following this entry in Combofix indicates it's not being used or it's possibly outdated. If you still have this on your system (it is set to start on boot), see if there is a driver or firmware update for it:
    http://support.3com.com/infodeli/tools/nic/3c509b/docs/ugb/ch6.htm
    Go to the Control Panel> System> Hardware tab> Device Manager
  10. Rstynls Newcomer, in training

    Update

    Original problems gone. (Haven't tried Windows Update yet)

    Removed entry with HJT

    Checked on that driver and it was disabled, no updates found.

    When I clicked on that link I got redirected and now I can't right click with my mouse even after a system restart.

    Tried the link again and it worked this time.
  11. Bobbye Helper on the Fringe

    When you checked the driver in the Device Manager, was there an error icon like this? [IMG]

    I still have some concern about the 'invalid Registry entry' here: O20 - Winlogon Notify: rqRIxxXn - Invalid registry found. I can't remove it and I can't identify it. Please do this one more scan and see if it picks the entry up:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • Make sure all other windows are closed and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    It's possible the entry is from some third party program you have on the system and harmless.
  12. Rstynls Newcomer, in training

    Logs

    For the 3COM there is a red X on it

    OTL Log:

    OTL logfile created on: 12/9/2010 7:55:32 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 223.57 Gb Total Space | 155.93 Gb Free Space | 69.75% Space Free | Partition Type: NTFS

    Computer Name: GAME-MACHINE | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Belkin\F5D8053v4\Belkinwcui.exe (Belkin)
    PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    PRC - C:\Program Files\RSSoft\RedSwoosh.exe ()
    PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
    PRC - C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
    PRC - C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
    PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc.)
    PRC - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
    PRC - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\ctagent.dll (Creative Technology Ltd)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\DOCUME~1\Tom\LOCALS~1\Temp\catchme.sys File not found
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (viasraid) -- C:\WINDOWS\SYSTEM32\DRIVERS\VIASRAID.SYS (VIA Technologies inc,.ltd)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (netr28u) -- C:\WINDOWS\system32\drivers\netr28u.sys (Ralink Technology Corp.)
    DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
    DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
    DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
    DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
    DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
    DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
    DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
    DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
    DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
    DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
    DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
    DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
    DRV - (PfDetNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (iviVD) -- C:\WINDOWS\System32\DRIVERS\iviVD.sys (InterVideo)
    DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
    DRV - (CdaD10BA) -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
    DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (Sus2pl) -- C:\WINDOWS\system32\drivers\sus2pl.sys (Susteen)
    DRV - (EL2000) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys (3Com Corporation)
    DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
    DRV - (DVDVRRdr_xp) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Roxio)
    DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
    DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
    DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
    DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
    DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
    DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
    DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = Reg Error: Unknown registry data type

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdaphffext\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: G:\Files\Mozilla Firefox\components
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: G:\Files\Mozilla Firefox\plugins
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: G:\Files\Mozilla Firefox 4.0 Beta 6\components
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: G:\Files\Mozilla Firefox 4.0 Beta 6\plugins

    [2008/08/25 21:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
    [2010/12/07 22:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\extensions
    [2010/06/21 21:41:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/07 22:00:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/10/23 22:06:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/04/17 23:03:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2008/08/09 18:02:56 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\spxhd2wc.default\searchplugins\search.xml

    O1 HOSTS File: ([2010/11/26 17:40:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
    O3 - HKCU\..\Toolbar\WebBrowser: (&ESPN) - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll (Walt Disney Internet Group)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe (Walt Disney Internet Group)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
    O4 - HKLM..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKCU..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe ()
    O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8053v4\Belkinwcui.exe (Belkin)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 68.87.69.150 68.87.85.102
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/12/03 13:23:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/09 19:54:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/12/06 23:11:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/25 00:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/24 23:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010/11/20 17:54:11 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe
    [2010/11/18 20:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
    [2010/11/18 20:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2004/12/04 09:17:09 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/12/09 19:54:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
    [2010/12/09 19:47:07 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/09 19:46:59 | 004,933,048 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000004-20021102}.CDF
    [2010/12/09 19:46:07 | 000,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/12/09 19:45:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/08 22:26:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000E-00001102-00000004-20021102}.rfx
    [2010/12/08 22:26:41 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000E-00001102-00000004-20021102}.rfx
    [2010/12/08 22:26:41 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000E-00001102-00000004-20021102}.rfx
    [2010/12/08 22:26:40 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000E-00001102-00000004-20021102}.rfx
    [2010/12/08 22:26:40 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000E-00001102-00000004-20021102}.rfx
    [2010/12/08 22:26:23 | 004,933,048 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000E-00001102-00000004-20021102}.BAK
    [2010/12/05 11:04:36 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HiJackThis.lnk
    [2010/11/30 22:21:32 | 003,982,986 | R--- | M] () -- C:\Documents and Settings\Tom\Desktop\ComboFix.exe
    [2010/11/26 17:40:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/24 23:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/23 19:02:05 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\bootkit_remover.rar
    [2010/11/20 17:52:34 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\tdsskiller.zip
    [2010/11/17 18:29:09 | 1072,513,024 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/11/17 07:24:00 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe

    ========== Files Created - No Company Name ==========

    [2010/11/20 17:52:29 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\tdsskiller.zip
    [2010/09/22 17:39:52 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\LaunchHomeCenter.log
    [2010/04/17 23:33:42 | 000,000,894 | -HS- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\JH40y5L
    [2010/04/17 23:33:42 | 000,000,894 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\JH40y5L
    [2010/04/08 21:55:02 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\6e6301sD6p
    [2010/04/08 21:55:02 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6e6301sD6p
    [2010/04/02 22:07:03 | 000,014,174 | -HS- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\Wv7V1mEL4UH
    [2010/04/02 22:07:03 | 000,014,174 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Wv7V1mEL4UH
    [2010/03/28 20:56:42 | 000,014,574 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\TA45p2
    [2010/03/28 20:56:42 | 000,014,574 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
    [2010/03/25 21:07:03 | 000,014,658 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\3121143946
    [2010/03/25 21:07:03 | 000,014,658 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3121143946
    [2010/03/25 16:43:22 | 000,014,484 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\2Q757bFxJ7S
    [2010/03/25 16:43:22 | 000,014,484 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2Q757bFxJ7S
    [2009/04/26 22:43:26 | 000,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/04/26 22:43:26 | 000,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/04/26 22:43:26 | 000,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/04/26 22:43:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2009/04/26 22:43:26 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/04/26 22:43:25 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2009/04/26 22:43:25 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2009/04/26 22:43:25 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2009/04/26 22:43:25 | 000,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2009/04/26 22:43:25 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2009/04/26 22:43:25 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2009/04/26 22:43:25 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2009/04/26 22:43:25 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2009/04/26 22:43:25 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
    [2009/04/26 22:43:25 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2009/04/26 22:43:25 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2009/01/14 06:54:31 | 000,000,267 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/07/17 20:01:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
    [2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
    [2007/03/04 19:46:14 | 003,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
    [2007/03/04 19:46:14 | 000,706,048 | ---- | C] () -- C:\WINDOWS\System32\libmcl-3.1.1.dll
    [2007/03/04 19:46:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
    [2006/12/09 13:37:21 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2006/12/09 13:31:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2006/12/03 00:03:52 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.SimImages
    [2006/11/25 10:41:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/07 10:25:48 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/01/07 10:25:48 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/01/06 16:30:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2006/01/06 13:16:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\filter.drv
    [2005/10/30 16:50:02 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
    [2005/10/14 01:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/10/14 01:56:50 | 000,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005/10/14 01:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2005/10/13 21:17:32 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/08/10 18:29:58 | 000,000,062 | ---- | C] () -- C:\WINDOWS\DpxCalendar.INI
    [2005/08/10 18:21:59 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
    [2005/07/18 20:10:35 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
    [2005/06/26 15:38:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2005/06/26 15:27:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\Id3lib.dll
    [2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
    [2005/06/06 22:10:38 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2005/05/14 18:13:46 | 000,000,266 | ---- | C] () -- C:\WINDOWS\phedit.ini
    [2005/04/16 13:55:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\fusioncache.dat
    [2005/02/03 09:10:25 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\AdobeDLM.log
    [2005/02/03 09:10:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\dm.ini
    [2004/12/04 09:18:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2004/12/04 09:17:28 | 000,043,517 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
    [2004/12/04 09:17:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2004/12/04 09:17:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2004/12/04 09:17:16 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
    [2004/12/04 09:16:05 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2004/12/03 19:59:20 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
    [2004/12/03 19:59:19 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
    [2004/12/03 15:07:01 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/12/03 13:34:50 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\FASTWiz.html
    [2004/12/03 13:32:08 | 000,020,551 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\FASTWiz.log
    [2004/12/03 13:29:50 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\sk98nt4.ini
    [2004/12/03 13:29:50 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\InstInfo.ini
    [2004/12/03 13:29:01 | 000,003,983 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2004/12/03 13:29:00 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2004/12/03 08:11:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/01/27 04:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2004/01/27 04:13:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
    [2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
    [2002/05/04 06:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
    [2002/04/28 23:00:52 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
    [2001/12/03 15:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
    [2001/12/03 15:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
    [2000/07/07 05:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
    [2000/04/12 15:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/04/12 15:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
    [1994/11/17 23:00:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

    ========== LOP Check ==========

    [2010/05/31 17:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/08 21:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
    [2010/04/18 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2006/06/26 06:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/09/22 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    [2005/10/15 19:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
    [2010/09/22 17:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
    [2005/10/09 07:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
    [2010/05/29 23:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/18 15:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Shield Deluxe
    [2007/01/21 16:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/12 06:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/18 23:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/21 07:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/09 05:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/07/19 12:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\BitTorrent
    [2008/06/22 20:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\eMule
    [2005/10/15 19:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\ESPN
    [2005/07/18 20:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FUJIFILM
    [2006/02/26 19:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\GetBot
    [2010/09/26 07:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\OpenOffice.org
    [2005/05/15 15:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Opera
    [2005/08/16 17:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Rstynls30
    [2010/11/24 18:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Temp
    [2010/04/18 15:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\The Shield Deluxe
    [2007/01/21 16:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1

    < End of report >
  13. Rstynls Newcomer, in training

    Logs continued

    Extras Log:

    OTL Extras logfile created on: 12/9/2010 7:55:33 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 48.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 223.57 Gb Total Space | 155.93 Gb Free Space | 69.75% Space Free | Partition Type: NTFS

    Computer Name: GAME-MACHINE | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- G:\Files\Mozilla Firefox 4.0 Beta 6\firefox.exe File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- G:\Files\Mozilla Firefox 4.0 Beta 6\firefox.exe File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
    "{1EE39B32-BA05-433C-BC0D-35797518A3A5}" = EverQuest II
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{28FA3609-B6E2-4BCA-B089-F5122AC417C5}" = Belkin N Wireless USB Adapter Setup
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FA380EE-FD98-4C4A-A2F4-6332C93CE6A6}" = MidiNotate Musician
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
    "{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
    "{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = Master Cook Deluxe
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec
    "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4831EF4-0B03-436A-9230-C01C182D9284}" = USB Universal Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
    "{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "3ComNicUnInstall" = 3Com NIC Diagnostics
    "3ivx D4 4.5.1" = 3ivx D4 4.5.1 (remove only)
    "AC3Filter" = AC3Filter (remove only)
    "ACDSee" = ACDSee
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
    "AKoff Music Composer" = AKoff Music Composer
    "AsfTools 3.1" = AsfTools 3.1 (remove only)
    "avast5" = avast! Free Antivirus
    "AVI to MPEG Converter" = AVI to MPEG Converter
    "AVIcodec" = AVIcodec (remove only)
    "CleanUp!" = CleanUp!
    "CodInstl" = Intel A/V Codecs V2.0
    "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
    "DIVXCodec" = DivX Codec 3.1alpha release
    "EQ2MAP Updater" = EQ2MAP Updater 0.9.7
    "ESET Online Scanner" = ESET Online Scanner v3
    "ESPN RunTime" = ESPN RunTime
    "FavOrg" = FavOrg
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Forte Agent" = Forté Agent
    "GetBot" = GetBot
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
    "InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
    "InstallShield_{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
    "InstallShield_{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = MasterCook Deluxe
    "InstallShield_{F4831EF4-0B03-436A-9230-C01C182D9284}" = USB Universal Driver
    "Lexmark Z25-Z35" = Lexmark Z25-Z35
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
    "MP3 WAV Converter 2.68" = MP3 WAV Converter 2.68
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSN Music Assistant" = MSN Music Assistant
    "MWASPI" = MicroStaff WINASPI
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "RealPlayer 6.0" = RealPlayer
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SimilarImages" = SimilarImages
    "SkillJam SecurePlayer" = SkillJam SecurePlayer
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "SysInfo" = Creative System Information
    "The Blocklist Manager_is1" = BLM 2.5.3
    "TVAnts 1.0" = TVAnts 1.0
    "VCW VicMan's Photo Editor_is1" = VCW VicMan's Photo Editor 7.9
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Winamp" = Winamp (remove only)
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XviD_is1" = XviD MPEG-4 Video Codec

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ESPN Java Check" = ESPN Java Check
    "Red Swoosh" = Red Swoosh

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/20/2010 9:19:50 PM | Computer Name = GAME-MACHINE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 11/20/2010 9:19:51 PM | Computer Name = GAME-MACHINE | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 11/20/2010 9:33:00 PM | Computer Name = GAME-MACHINE | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 11/20/2010 9:34:30 PM | Computer Name = GAME-MACHINE | Source = Application Error | ID = 1000
    Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
    version 0.0.0.0, fault address 0x00082899.

    Error - 11/20/2010 9:57:15 PM | Computer Name = GAME-MACHINE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/22/2010 3:02:49 AM | Computer Name = GAME-MACHINE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/23/2010 10:51:44 PM | Computer Name = GAME-MACHINE | Source = Application Error | ID = 1000
    Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
    version 0.0.0.0, fault address 0x00082899.

    Error - 11/26/2010 9:23:05 PM | Computer Name = GAME-MACHINE | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/26/2010 9:34:37 PM | Computer Name = GAME-MACHINE | Source = Application Error | ID = 1000
    Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
    version 0.0.0.0, fault address 0x00082899.

    Error - 12/1/2010 2:24:30 AM | Computer Name = GAME-MACHINE | Source = Application Error | ID = 1000
    Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
    version 0.0.0.0, fault address 0x00082899.

    [ System Events ]
    Error - 12/9/2010 1:38:23 AM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service winmgmt with
    arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 12/9/2010 1:38:23 AM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/9/2010 1:38:23 AM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service iPod Service
    with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error - 12/9/2010 1:38:23 AM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/9/2010 11:46:17 PM | Computer Name = GAME-MACHINE | Source = iviVD | ID = 262153
    Description = The device, \Device\Scsi\iviVD1, did not respond within the timeout
    period.

    Error - 12/9/2010 11:46:58 PM | Computer Name = GAME-MACHINE | Source = Service Control Manager | ID = 7000
    Description = The PfModNT service failed to start due to the following error: %%2

    Error - 12/9/2010 11:46:59 PM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service winmgmt with
    arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

    Error - 12/9/2010 11:46:59 PM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service iPod Service
    with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error - 12/9/2010 11:46:59 PM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/9/2010 11:46:59 PM | Computer Name = GAME-MACHINE | Source = DCOM | ID = 10005
    Description = DCOM got error "%1055" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}


    < End of report >
  14. Bobbye Helper on the Fringe

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      DRV - (catchme) -- C:\DOCUME~1\Tom\LOCALS~1\Temp\catchme.sys File not found
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
      IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = Reg Error: Unknown registry data type
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
      FF - prefs.js..browser.search.selectedEngine: "Search"
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {E3BB3F2A-8F67-4B96-A432-8190258C0FD1} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      O34 - HKLM BootExecute: (autocheck autochk *) - File not found
      O34 - HKLM BootExecute: (SsiEfr.e) - File not found
      [2010/11/20 17:54:11 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe
      [2010/11/20 17:52:34 | 001,224,671 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\tdsskiller.zip
      [2010/11/17 18:29:09 | 1072,513,024 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
      [2010/11/17 07:24:00 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Tom\Desktop\TDSSKiller.exe
      [2010/11/20 17:52:29 | 001,224,671 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\tdsskiller.zip
      [2010/04/18 15:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\The Shield Deluxe
      [2007/01/21 16:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Viewpoint
      @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F085C8A1
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "Viewpoint Manager" 
      "ViewpointMediaPlayer" =-
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Please let me know how the system is doing after you run this.
  15. Bobbye Helper on the Fringe

    Please let me know status. I'll be closing this thread in one more day if there is no reply.
  16. Rstynls Newcomer, in training

    Status

    Sorry, been out of town since Sunday, just got back. Will work on it as soon as I get settled. Thanks
  17. Rstynls Newcomer, in training

    Looks like OTL is getting stuck on something.

    At bottom of program says "Processing Registry data regfile [merge] -- Reg Error: Key error...." Tried 3 times, 3rd time I let it go for 4 hours.

    Do you want to change the code, or just want a new OTL log as it is now?

    On a side note, overall, computer seems to be running fine.
  18. Bobbye Helper on the Fringe

    If the original problems have been resolved, you can remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin