TechSpot

Lots of blue screens

By glhglh
Aug 23, 2010
  1. I've tried to follow the virus instructions,

    Scanned for viruses using Symantec: clean.

    Each time I tried TCH, crash.

    Malware scan: Clean
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/21/2010 11:48:19 PM
    mbam-log-2010-08-21 (23-48-19).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 255471
    Time elapsed: 1 hour(s), 12 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Each time I try to run GMER, the computer crashes.
    I've tried about 10 times, running as administrator, unchecking devices, all of the above, always a crash.



    DDS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by administrator at 22:24:27.53 on Sun 08/22/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1362 [GMT -7:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\PrnPack.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\administrator.HEDRICK\Desktop\Virus Programs\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    uDefault_Page_URL = hxxp://www.msn.com
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [InCD] c:\program files\ahead\incd\InCD.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [PrintPack dispatcher] "c:\windows\system32\spool\drivers\w32x86\3\PrnPack.exe" /server
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\raidma~1.lnk - c:\program files\ite\ite it8212 ata raid controller\RaidMgr.exe
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {0f420c1e-9ed6-4da5-8b91-eddde887a1dc} - c:\windows\system32\spool\drivers\w32x86\3\\Print602.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {A156A7A7-14A2-4282-B487-8E25AB68D608} - {E2AC7314-3101-4d2b-B4AB-AD381381717F} - c:\windows\system32\Print602.dll
    DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://gowithcrm.iosourcing.com/Citrix/ICAWEB/en/ica32/wficat.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131483673491
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxp://www.fisbonds.com/fisbonds/schwab/saxfile.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gowithcrm.webex.com/client/T27L/event/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-11-8 24971]
    R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [1979-12-31 10240]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-30 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-30 108392]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-18 47640]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-30 1775344]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-11-8 1275584]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100822.007\NAVENG.SYS [2010-8-22 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100822.007\NAVEX15.SYS [2010-8-22 1362608]
    S2 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec client security\symantec antivirus\smclu\setup\smcinst.exe --> c:\program files\symantec client security\symantec antivirus\smclu\setup\smcinst.exe [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2005-11-8 258560]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    S4 vsdatant;vsdatant;a --> a [?]

    =============== Created Last 30 ================

    2010-08-21 22:15:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 22:15:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-21 22:15:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-21 22:14:01 0 d-----w- c:\documents and settings\administrator.hedrick\Insurance
    2010-08-18 20:12:02 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-06-30 22:55:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-06-30 22:55:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-06-30 22:55:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-06-30 22:55:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 18:24:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-06-09 18:24:06 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-06-09 18:24:05 87424 ----a-w- c:\windows\system32\LMIinit.dll

    ============= FINISH: 22:24:59.32 ===============
    And the other DDS log is attached.

    Any ideas about why all the blue screens?

  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    ===============================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    When I started, my daughter said the computer was crashing about 4 to 7 times a day. I assumed blue screen, but it has been freezing up, not blue screen.

    Following your directions, BlueScreenView: nothing happened, blank on top and bottom. Nothing to save.

    MBRCheck: I tried to run it about 5 times. Each time, it froze the computer.

    I'll post the combofix.txt file below.

  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt


    When done, try to run MBRCheck one more time.
    If still problems...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Results of ComboFix and Bootkit Remover

    Here are the results.

    Just after ComboFix started, I got an application error.

    "pev.exe application error. The instruction @ 0x0050005c referenced memory at 0x0050005c could not be read. OK to terminate program, cancel to debug"

    I cancelled, and ComboFix continued to run.

  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Bootkit Remover log looks good :)

    Combofix log is clean too :)

    How is computer doing?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =======================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Questions

    I'll follow the instructions in a few minutes. Just a small question.

    Did the PEG problem mean there was a problem with the boot record, or a problem with the RAM? I put a RAM checker on and it is running now, but will be done in a minute.

    Did the Bootkit Remover remove something?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    My instructions clearly say:
    There was nothing wrong with your MBR.
     
  9. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    OTL

    Sorry, thought because ramtest is pre-boot, and just a test, it would not hurt. Stopped it.

    Ran OTL. Did not get an "Extras.txt" file (ran OTL twice, only an OTL.txt).

    I take it that you want a cut and paste, so here is the log, but because it is so big, I will post it in three sections:

    Section 1

    OTL logfile created on: 8/24/2010 11:38:36 AM - Run 10
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Betty Mc Niel\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 467.51 Gb Total Space | 445.77 Gb Free Space | 95.35% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive M: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
    Drive S: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
    Drive W: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS

    Computer Name: ADB10-05
    Current User Name: bettym
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
    PRC - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/06/30 15:51:35 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/06/30 15:51:28 | 001,831,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/06/30 15:51:28 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/06/30 15:51:22 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/06/09 11:25:01 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/06/09 11:24:00 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    PRC - [2009/07/13 12:06:15 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/19 18:08:58 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    PRC - [2007/05/03 11:04:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2006/09/08 12:21:18 | 002,543,616 | ---- | M] (Software602 a.s.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\PrnPack.exe
    PRC - [2005/11/15 20:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    PRC - [2005/11/15 20:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    PRC - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
    PRC - [2005/06/10 02:21:01 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
    PRC - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
    PRC - [2005/04/12 02:15:29 | 001,383,936 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
    PRC - [2004/06/30 17:59:24 | 000,724,992 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
    PRC - [2003/08/01 19:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe
    PRC - [2000/06/01 09:41:08 | 000,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcLU\Setup\smcinst.exe -- (Smcinst)
    SRV - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/06/30 15:51:28 | 001,831,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/06/30 15:51:28 | 000,345,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/06/30 15:51:22 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/06/09 11:25:01 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/07/13 12:06:15 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2008/03/19 18:08:58 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2007/05/03 11:04:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
    SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
    SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
    SRV - [2003/08/01 19:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BETTYM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/13 17:58:21 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.050\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/13 17:58:21 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.050\NAVENG.SYS -- (NAVENG)
    DRV - [2010/06/30 15:55:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/06/30 15:51:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/06/30 15:51:40 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/06/30 15:51:40 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/06/30 15:51:40 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/06/30 15:51:32 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/06/30 15:51:08 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/06/09 11:24:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
    DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/02/03 02:59:54 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3114r.sys -- (si3114r)
    DRV - [2008/11/25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - [2008/11/25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
    DRV - [2008/11/25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2008/11/25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/09/29 04:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/05/12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
    DRV - [2005/04/12 11:07:50 | 000,099,456 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
    DRV - [2005/04/12 11:07:30 | 000,029,056 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
    DRV - [2005/04/12 02:07:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
    DRV - [2004/08/18 16:21:00 | 000,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/06/01 11:19:44 | 000,024,971 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
    DRV - [2004/05/26 07:08:00 | 000,007,296 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2004/05/20 20:47:22 | 000,258,560 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP)
    DRV - [2004/03/17 17:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2002/09/09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/08/23 15:02:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
    O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [PrintPack dispatcher] C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe (Software602 a.s.)
    O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
    O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()

  10. glhglh (TS Guru, Topic Starter, Posts: 504)

    OTL section 2


    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\\Print602.dll ()
    O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\\Print602.dll ()
    O9 - Extra Button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
    O9 - Extra 'Tools' menuitem : Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: logmein.com ([secure] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
    O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://gowithcrm.iosourcing.com/Citrix/ICAWEB/en/ica32/wficat.cab (Citrix ICA Client)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131483673491 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} http://www.fisbonds.com/fisbonds/schwab/saxfile.cab (SAXFile FileDownload ActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.webex.com/client/T27L/event/ieatgpc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/08 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/24 11:26:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
    [2010/08/24 10:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/08/23 14:55:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/23 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
    [2010/08/23 14:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs 2
    [2010/08/23 09:31:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Betty Mc Niel\Recent
    [2010/08/23 08:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
    [2010/08/22 17:29:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/21 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/18 13:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/18 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/28 09:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty Mc Niel\Desktop\Archive
    [2010/07/28 07:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/06/30 15:51:48 | 000,107,848 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
    [2010/06/30 15:51:47 | 000,049,480 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
    [2010/06/30 15:51:46 | 000,042,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
    [2010/06/30 15:51:40 | 000,320,560 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
    [2010/06/30 15:51:40 | 000,281,648 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
    [2010/06/30 15:51:40 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
    [2010/06/30 15:51:32 | 000,050,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
    [2010/05/27 12:03:22 | 004,169,728 | ---- | C] (Amyuni Technologies
    http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
    [2010/05/27 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
    [2010/08/24 11:23:23 | 000,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/24 11:22:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/24 11:22:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/24 11:21:23 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Betty Mc Niel\NTUSER.DAT
    [2010/08/24 11:21:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Betty Mc Niel\ntuser.ini
    [2010/08/24 10:12:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/23 19:13:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/08/23 15:02:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/23 14:55:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/23 10:13:32 | 000,021,701 | ---- | M] () -- C:\Data BGM\Portfolio Export.csv
    [2010/08/23 09:32:23 | 000,001,836 | ---- | M] () -- C:\Data BGM\cc_20100823_093208.reg
    [2010/08/23 09:25:52 | 000,570,390 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/23 09:25:52 | 000,487,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/23 09:25:52 | 000,082,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/23 09:08:44 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools.lnk
    [2010/08/21 14:58:09 | 000,036,994 | ---- | M] () -- C:\Data BGM\cc_20100821_145755.reg
    [2010/08/20 13:08:20 | 000,018,033 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\90615783 5.pdf
    [2010/08/20 12:34:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/20 07:19:04 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/18 12:50:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\http.doc
    [2010/08/13 03:14:06 | 000,370,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/02 08:51:19 | 000,005,127 | ---- | M] () -- C:\Data BGM\Position Export.csv
    [2010/07/29 08:37:02 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
    [2010/07/28 07:20:11 | 000,207,644 | ---- | M] () -- C:\Data BGM\cc_20100728_071955.reg
    [2010/07/22 12:50:24 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Cash Trading.xls.lnk
    [2010/07/22 12:49:39 | 000,001,240 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Tax Trading.xls.lnk
    [2010/06/30 15:55:48 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/06/30 15:55:48 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/06/30 15:55:48 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/06/30 15:55:48 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/06/30 15:55:44 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Symantec Endpoint Protection.lnk
    [2010/06/30 15:51:48 | 000,107,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
    [2010/06/30 15:51:47 | 000,049,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
    [2010/06/30 15:51:46 | 000,042,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
    [2010/06/30 15:51:40 | 000,320,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
    [2010/06/30 15:51:40 | 000,281,648 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
    [2010/06/30 15:51:40 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
    [2010/06/30 15:51:40 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat
    [2010/06/30 15:51:40 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat
    [2010/06/30 15:51:40 | 000,001,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.inf
    [2010/06/30 15:51:40 | 000,001,422 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.inf
    [2010/06/30 15:51:39 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat
    [2010/06/30 15:51:39 | 000,001,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.inf
    [2010/06/30 15:51:32 | 000,050,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
    [2010/06/09 11:24:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
    [2010/06/09 11:24:06 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
    [2010/06/09 11:24:05 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
    [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
    [2010/05/28 12:43:59 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Portfolio Export Betty M Daily.xls.lnk
    [2010/05/28 12:31:42 | 000,107,520 | ---- | M] () -- C:\Data BGM\Cash balances temp.xls
    [2010/05/27 11:59:16 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PortfolioCenter.lnk
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

  11. glhglh (TS Guru, Topic Starter, Posts: 504)

    OTL section 3


    ========== Files Created - No Company Name ==========

    [2010/08/23 10:47:38 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\WordPad.lnk
    [2010/08/23 09:32:09 | 000,001,836 | ---- | C] () -- C:\Data BGM\cc_20100823_093208.reg
    [2010/08/23 09:08:44 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools.lnk
    [2010/08/21 14:57:56 | 000,036,994 | ---- | C] () -- C:\Data BGM\cc_20100821_145755.reg
    [2010/08/20 13:08:20 | 000,018,033 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\90615783 5.pdf
    [2010/08/18 12:50:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\http.doc
    [2010/07/28 07:19:57 | 000,207,644 | ---- | C] () -- C:\Data BGM\cc_20100728_071955.reg
    [2010/07/22 12:48:16 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Cash Trading.xls.lnk
    [2010/07/22 12:47:00 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Tax Trading.xls.lnk
    [2010/06/30 15:51:40 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.cat
    [2010/06/30 15:51:40 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.cat
    [2010/06/30 15:51:40 | 000,001,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.inf
    [2010/06/30 15:51:40 | 000,001,422 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.inf
    [2010/06/30 15:51:39 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.cat
    [2010/06/30 15:51:39 | 000,001,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.inf
    [2010/06/24 03:06:42 | 000,201,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/05/28 12:43:59 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Portfolio Export Betty M Daily.xls.lnk
    [2010/05/28 12:31:42 | 000,107,520 | ---- | C] () -- C:\Data BGM\Cash balances temp.xls
    [2010/05/27 11:59:16 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PortfolioCenter.lnk
    [2010/02/05 16:00:56 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
    [2009/12/08 13:35:59 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/31 13:41:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2009/01/27 12:39:12 | 000,005,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2007/07/18 12:24:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/12/06 10:42:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2006/04/26 14:10:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/03/16 14:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2006/03/02 15:41:17 | 000,013,910 | ---- | C] () -- C:\WINDOWS\HYS.INI
    [2006/01/20 13:16:29 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\fusioncache.dat
    [2005/12/13 19:11:52 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\$_hpcst$.hpc
    [2005/11/17 12:20:51 | 000,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
    [2005/11/08 16:40:53 | 000,001,230 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.html
    [2005/11/08 16:37:56 | 000,030,685 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.log
    [2005/11/08 11:52:23 | 000,000,649 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/08 10:32:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
    [2005/11/08 10:31:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
    [2005/11/08 10:31:42 | 000,007,100 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2005/11/08 10:31:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/26 17:34:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
    [2001/08/10 16:37:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

    ========== LOP Check ==========

    [2010/01/14 09:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2010/03/18 11:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2008/01/18 13:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
    [2009/06/24 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/05/12 11:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\EPSON
    [2009/08/06 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\ICAClient
    [2010/08/18 11:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Juniper Networks
    [2009/09/11 09:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Quicken WillMaker
    [2008/04/18 08:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
    [2009/08/06 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\webex
    [2010/02/11 12:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Xerox

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/18 11:12:06 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2005/11/08 10:17:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/22 18:30:14 | 000,021,162 | ---- | M] () -- C:\AVSCAN-20090922-164912-C8313140.LOG
    [2005/12/21 16:20:06 | 000,271,360 | ---- | M] () -- C:\BETTYM.pst
    [2009/09/23 12:30:21 | 000,000,282 | ---- | M] () -- C:\Boot.bak
    [2010/08/23 14:55:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/24 10:15:21 | 000,026,086 | ---- | M] () -- C:\ComboFix 8-24.txt
    [2005/11/08 10:17:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/11/08 10:17:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/11/08 10:17:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/19 07:38:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/24 11:22:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2006/01/16 11:26:57 | 000,000,096 | ---- | M] () -- C:\pcs.xml
    [2005/11/08 16:50:36 | 000,017,590 | ---- | M] () -- C:\PkgClnup.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2010/06/09 11:24:09 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/06/30 15:51:47 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
    [2010/06/30 15:51:48 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/02/09 04:32:10 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/02/02 15:39:25 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2009/02/09 04:32:10 | 033,292,288 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/02/09 04:32:10 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You didn't say:
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.webex.com/client/T...nt/ieatgpc.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
      [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2008/04/18 08:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  13. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Thank you, it seems to be running OK, but I don't know till my daughter returns.

    Here is the OTL Run Fix log:
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {03A89EFD-E023-A200-A22D-45F77558EB4C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03A89EFD-E023-A200-A22D-45F77558EB4C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\WINDOWS\Downloaded Program Files\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\System32\dllcache\SET89.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET8A.tmp deleted successfully.
    C:\WINDOWS\System32\SET87.tmp deleted successfully.
    C:\WINDOWS\System32\SET88.tmp deleted successfully.
    C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: administrator.HEDRICK
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 615 bytes

    User: All Users

    User: benjamin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Betty Mc Niel
    ->Temp folder emptied: 1001261 bytes
    ->Temporary Internet Files folder emptied: 4370670 bytes
    ->Java cache emptied: 129485 bytes
    ->Flash cache emptied: 1330 bytes

    User: bettyh

    User: bettym
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: hannahh
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: QBDataServiceUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: __sbs_netsetup__
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1776 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 20535 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.HEDRICK
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: benjamin
    ->Flash cache emptied: 0 bytes

    User: Betty Mc Niel
    ->Flash cache emptied: 0 bytes

    User: bettyh

    User: bettym

    User: Default User

    User: hannahh
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: QBDataServiceUser

    User: __sbs_netsetup__

    Total Flash Files Cleaned = 0.00 mb

    Error: Unable to interpret <[Reboot]Then click the Run Fix bu> in the current context!

    OTL by OldTimer - Version 3.2.10.0 log created on 08242010_185829

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\DWEFQ0MG\msn_com[1].htm moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\DWEFQ0MG\Sync[1].htm moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\ads[2].htm moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\Include[1].htm moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\sh21[1].html moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\topic152193[1].html moved successfully.
    C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    And the Security Check log:
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec Endpoint Protection Client
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    HijackThis 2.0.2
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Betty Mc Niel Desktop Virus Programs 2 SecurityCheck.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    I think I need to start another reply to add anything else.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    So far, all looks good :)
     
  15. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    TFC

    When I ran the OTL Run Fix a while ago, it hung up on the reboot (before closing). I left it that way for an hour, then manually turned it off and on. The OTL log then appeared on opening.

    When I ran the TFC, I got the message to reboot, and the computer did the same thing. This time I only waited 15 minutes.

    I'll run the Kaspersky; that will take a couple of hours, I think.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Those hiccups are not unusual.

    Kaspersky may take even longer.
     
  17. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Kaspersky

    I ran Kaspersky twice, but each time it just rebooted at the end, with no logs.

    Is there a place with the log?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    It shouldn't take too long.
     
  19. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Kaspersky froze the computer several times

    I tried Kaspersky several times. I could see that there were three items found, then a freeze.

    I'm trying the ESET now.
     
  20. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Freeze again

    Last night, I tried the ESET several times.

    A couple of times, it froze at 35%. I then ran HouseCall online; it found nothing.

    Tried ESET again this morning; it froze at 87%.

    The screen froze while reviewing c:\windows\installer\86a51b1.msp.

    I googled that .msp file, but didn't find anything.

    I'm going to try the Kaspersky again now.
     
  21. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    Critical Kaspersky report

    I finally got a critical-area Kaspersky report:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, August 26, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, August 26, 2010 11:44:19
    Records in database: 4156785
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - Critical areas:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup
    C:\Program Files
    C:\WINDOWS

    Scan statistics:
    Objects scanned: 55819
    Threats found: 2
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 01:47:15


    File name / Threat / Threats count
    WinVNC.exe\WinVNC.exe/WinVNC.exe\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
    C:\Program Files\TightVNC\WinVNC.exe/C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
    C:\Program Files\TightVNC\VNCHOOKS.DLL/C:\Program Files\TightVNC\VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
    C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
    C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

    Selected area has been scanned.

    My daughter needs to do some homework, but I'll run the whole computer this afternoon.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Another option....this one should be quick...

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  23. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    BitDefender freeze

    BitDefender froze three times while downloading the latest virus definitions.

    The bar showed 100%, but it never went further.

    I also tried Kaspersky again this morning; nothing.

    So I went further back.

    Here is a log from the Bootkit Remover. Is there anything here?

    .\debug.cpp(238) : Debug log started at 27.08.2010 - 14:33:14
    .\boot_cleaner.cpp(675) : Bootkit Remover
    .\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(677) : www.esagelab.com
    .\boot_cleaner.cpp(681) : Program version: 1.1.0.0
    .\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x00228000 "\WINDOWS\system32\ntoskrnl.exe"
    .\debug.cpp(256) : 0x806ff000 0x00020d00 "\WINDOWS\system32\hal.dll"
    .\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
    .\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
    .\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
    .\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
    .\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
    .\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
    .\debug.cpp(256) : 0xf7a4f000 0x00001000 "PCIIde.sys"
    .\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\System32\Drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0xf798b000 0x00002000 "intelide.sys"
    .\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
    .\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
    .\debug.cpp(256) : 0xf798d000 0x00002000 "dmload.sys"
    .\debug.cpp(256) : 0xf74b2000 0x00026000 "dmio.sys"
    .\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
    .\debug.cpp(256) : 0xf7637000 0x0000d000 "VolSnap.sys"
    .\debug.cpp(256) : 0xf749a000 0x00018000 "atapi.sys"
    .\debug.cpp(256) : 0xf7483000 0x00017000 "si3114r.sys"
    .\debug.cpp(256) : 0xf746b000 0x00018000 "\WINDOWS\system32\drivers\SCSIPORT.SYS"
    .\debug.cpp(256) : 0xf7717000 0x00006000 "iteraid.sys"
    .\debug.cpp(256) : 0xf7435000 0x00036000 "Si3114r5.sys"
    .\debug.cpp(256) : 0xf789b000 0x00003000 "SiWinAcc.sys"
    .\debug.cpp(256) : 0xf7647000 0x00009000 "disk.sys"
    .\debug.cpp(256) : 0xf7657000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0xf7415000 0x00020000 "fltmgr.sys"
    .\debug.cpp(256) : 0xf7880000 0x00017000 "KSecDD.sys"
    .\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
    .\debug.cpp(256) : 0xf7853000 0x0002d000 "NDIS.sys"
    .\debug.cpp(256) : 0xf798f000 0x00002000 "SiRemFil.sys"
    .\debug.cpp(256) : 0xf7839000 0x0001a000 "Mup.sys"
    .\debug.cpp(256) : 0xb9b19000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0xb93b6000 0x0028a000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
    .\debug.cpp(256) : 0xb93a2000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0xb937a000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0xb934b000 0x0002f000 "\SystemRoot\system32\DRIVERS\yk51x86.sys"
    .\debug.cpp(256) : 0xf7767000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0xb9327000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0xf776f000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0xb9b09000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
    .\debug.cpp(256) : 0xf7777000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
    .\debug.cpp(256) : 0xb9313000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
    .\debug.cpp(256) : 0xf79b5000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
    .\debug.cpp(256) : 0xb9af9000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0xf777f000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0xb9ae9000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
    .\debug.cpp(256) : 0xba7c0000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
    .\debug.cpp(256) : 0xb9ad9000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
    .\debug.cpp(256) : 0xb9ac9000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0xb9ab9000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
    .\debug.cpp(256) : 0xb92f0000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0xb9b98000 0x00008000 "\SystemRoot\System32\DRIVERS\InCDPass.sys"
    .\debug.cpp(256) : 0xb9b90000 0x00007000 "\SystemRoot\System32\Drivers\incdrm.SYS"
    .\debug.cpp(256) : 0xba538000 0x00001000 "\SystemRoot\system32\DRIVERS\lmimirr.sys"
    .\debug.cpp(256) : 0xba537000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
    .\debug.cpp(256) : 0xb9aa9000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0xba7b4000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0xb8a13000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0xba790000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0xba780000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0xb9680000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0xb8a02000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
    .\debug.cpp(256) : 0xba770000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
    .\debug.cpp(256) : 0xb9670000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
    .\debug.cpp(256) : 0xb9668000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
    .\debug.cpp(256) : 0xb8952000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
    .\debug.cpp(256) : 0xba760000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0xb9660000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0xb8934000 0x0001e000 "\SystemRoot\system32\DRIVERS\teefer2.sys"
    .\debug.cpp(256) : 0xf79bf000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0xb88d6000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
    .\debug.cpp(256) : 0xf7937000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0xb6525000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0xad386000 0x0013b000 "\SystemRoot\system32\drivers\cmudax.sys"
    .\debug.cpp(256) : 0xad362000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0xb6311000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0xb5543000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0xf79ed000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0xb649a000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
    .\debug.cpp(256) : 0xa8c18000 0x0004a000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
    .\debug.cpp(256) : 0xa8acc000 0x0014c000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.048\NAVEX15.SYS"
    .\debug.cpp(256) : 0xa8aa7000 0x00025000 "\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS"
    .\debug.cpp(256) : 0xa8a93000 0x00014000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.048\NAVENG.SYS"
    .\debug.cpp(256) : 0xb6389000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0xf7527000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0xb5dba000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0xb6385000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0xb5db2000 0x00006000 "\SystemRoot\system32\DRIVERS\point32.sys"
    .\debug.cpp(256) : 0xb9a99000 0x0000a000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
    .\debug.cpp(256) : 0xf79b1000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0xf7a99000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0xf79b3000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0xa90c3000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0xb7fcb000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
    .\debug.cpp(256) : 0xb7fc9000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0xb5583000 0x00003000 "\SystemRoot\System32\Drivers\InCDrec.SYS"
    .\debug.cpp(256) : 0xa8a5a000 0x00019000 "\SystemRoot\System32\Drivers\InCDfs.SYS"
    .\debug.cpp(256) : 0xa90bb000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0xa8ea3000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0xac7a2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
    .\debug.cpp(256) : 0xa8a47000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
    .\debug.cpp(256) : 0xa89ee000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
    .\debug.cpp(256) : 0xb9739000 0x0000e000 "\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys"
    .\debug.cpp(256) : 0xa89c6000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0xa89a4000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
    .\debug.cpp(256) : 0xa897e000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
    .\debug.cpp(256) : 0xb9729000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0xa8914000 0x0006a000 "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
    .\debug.cpp(256) : 0xb96f9000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0xb96c9000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
    .\debug.cpp(256) : 0xa88e9000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0xa8879000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0xb79d0000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
    .\debug.cpp(256) : 0xa881b000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
    .\debug.cpp(256) : 0xa87fe000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
    .\debug.cpp(256) : 0xb9709000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
    .\debug.cpp(256) : 0xb899e000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
    .\debug.cpp(256) : 0xa87c8000 0x00036000 "\SystemRoot\System32\Drivers\dump_Si3114r5.sys"
    .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0xb8986000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0xf781f000 0x00005000 "\SystemRoot\System32\watchdog.sys"
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0xb58e5000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
    .\debug.cpp(256) : 0xbf012000 0x00045000 "\SystemRoot\System32\ati2dvag.dll"
    .\debug.cpp(256) : 0xbf057000 0x0007a000 "\SystemRoot\System32\ati2cqag.dll"
    .\debug.cpp(256) : 0xbf0d1000 0x0006c000 "\SystemRoot\System32\atikvmag.dll"
    .\debug.cpp(256) : 0xbf13d000 0x0002e000 "\SystemRoot\System32\atiok3x2.dll"
    .\debug.cpp(256) : 0xbf16b000 0x002fd000 "\SystemRoot\System32\ati3duag.dll"
    .\debug.cpp(256) : 0xbf468000 0x00186000 "\SystemRoot\System32\ativvaxx.dll"
    .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0xa6588000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0xa63bb000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
    .\debug.cpp(256) : 0xf79e1000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
    .\debug.cpp(256) : 0xf79a1000 0x00002000 "\??\C:\WINDOWS\system32\drivers\EIO.sys"
    .\debug.cpp(256) : 0xb7fbf000 0x00002000 "\??\C:\Program Files\LogMeIn\x86\RaInfo.sys"
    .\debug.cpp(256) : 0xa62ec000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0xf76e7000 0x0000a000 "\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys"
    .\debug.cpp(256) : 0xa6275000 0x00027000 "\??\C:\WINDOWS\system32\drivers\WpsHelper.sys"
    .\debug.cpp(256) : 0xa60b5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
    .\debug.cpp(256) : 0xa5f42000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
    .\debug.cpp(256) : 0xa5d71000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
    .\debug.cpp(256) : 0xf77a7000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
    .\debug.cpp(256) : 0xa2f38000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
    .\debug.cpp(256) : 0xa0f9a000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination="\Device\CdRom0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination="\Device\Scsi\iteraid1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination="\Device\Ndis"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfs"
    .\debug.cpp(400) : Destination="\DosDevices\BsUDF"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination="\Device\Video0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_80A61043&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination="\Device\Video1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000003a"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
    .\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
    .\debug.cpp(400) : Destination="\Device\Ip"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
    .\debug.cpp(400) : Destination="\Device\SymEvent"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination="\Device\Video2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
    .\debug.cpp(400) : Destination="\Device\IPSEC"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Teefer2"
    .\debug.cpp(400) : Destination="\Device\Teefer2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination="\Device\Video3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&2d2d400&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
    .\debug.cpp(400) : Destination="\Device\00000068"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\00000039"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
    .\debug.cpp(400) : Destination="\Device\ATKACPI"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination="\Device\Scsi\Si3114r51"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
    .\debug.cpp(400) : Destination="\Device\NDProxy"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000074"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination="\Device\Video4"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col01#6&105281ca&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination="\Device\0000007b"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84DC4018-F68A-4017-A998-6E9539BF2003}"
    .\debug.cpp(400) : Destination="\Device\{84DC4018-F68A-4017-A998-6E9539BF2003}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsCommunicationDevice"
    .\debug.cpp(400) : Destination="\Device\LMIRFS\Communication"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
    .\debug.cpp(400) : Destination="\Device\ParallelVdm0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
    .\debug.cpp(400) : Destination="\Device\Video5"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_80A61043&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
    .\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2939380C-DC92-44FC-A481-7985B745FF56}"
    .\debug.cpp(400) : Destination="\Device\{2939380C-DC92-44FC-A481-7985B745FF56}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination="\Device\WMIDataDevice"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
    .\debug.cpp(400) : Destination="\Device\Serial0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2d2d400&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination="\Device\0000006c"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f014-f69b-11dd-af99-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\Floppy0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination="\Device\NamedPipe"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\POINT32FILTER"
    .\debug.cpp(400) : Destination="\Device\Point32Filter"

    This will take two or three.
     
  24. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    #2

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f016-f69b-11dd-af99-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination="\Device\Mup"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{98191838-ce21-11da-af2f-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\CdRom0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD770D770Offset7E00Length74E0DD4E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{50894BD2-4719-42B0-B21F-241749E8170D}"
    .\debug.cpp(400) : Destination="\Device\{50894BD2-4719-42B0-B21F-241749E8170D}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\BBDRVCHANNEL"
    .\debug.cpp(400) : Destination="\Device\BBDrvDevice"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
    .\debug.cpp(400) : Destination="\Device\PSched"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
    .\debug.cpp(400) : Destination="\Device\IPNAT"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_045e&Pid_008c#5&3ad6b64d&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-5"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
    .\debug.cpp(400) : Destination="\Device\NAVEX15"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{83FA092B-3CCB-4364-A9AA-B84CD95C3634}"
    .\debug.cpp(400) : Destination="\Device\{83FA092B-3CCB-4364-A9AA-B84CD95C3634}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination="\Device\USBFDO-0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCD_PSEUDO_DEVICE"
    .\debug.cpp(400) : Destination="\Device\INCD_PSEUDO_DEVICE"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination="\Device\Tcp"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17adc842&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5B60&SUBSYS_002A1043&REV_00#4&37ad8b77&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

    .\debug.cpp(369) : Device "\GLOBAL??\BsUDF"
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
    .\debug.cpp(400) : Destination="\Device\VideoPdo0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination="\Device\USBFDO-1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000003f"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
    .\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination="\DosDevices\LPT1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
    .\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination="\Device\USBFDO-2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1283&DEV_8212&SUBSYS_813A1043&REV_13#4&23c0b1c&0&20F0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination="\Device\CdRom0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
    .\debug.cpp(400) : Destination="\Device\sysaudio"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination="\Device\FsWrap"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination="\Device\USBFDO-3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000003e"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000003c"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col03#6&105281ca&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination="\Device\0000007d"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B82FB3A8-25CE-4154-9F75-B8C1E61AFB0E}"
    .\debug.cpp(400) : Destination="\Device\{B82FB3A8-25CE-4154-9F75-B8C1E61AFB0E}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination="\Device\USBFDO-4"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a9f41a2c-4f9e-11da-8cc1-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ff6f7dc2-5030-11da-ba9d-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\Floppy0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
    .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_80A61043&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination="\Device\00000051"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination="\Device\00000050"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination="\GLOBAL??"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
    .\debug.cpp(400) : Destination="\Device\NAVENG"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
    .\debug.cpp(400) : Destination="\Device\0000006e"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
    .\debug.cpp(400) : Destination="\Device\SRTSPX"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AEE21A7F-8945-4954-AE4B-898EFC3010C7}"
    .\debug.cpp(400) : Destination="\Device\{AEE21A7F-8945-4954-AE4B-898EFC3010C7}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1006d8fa&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-4"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination="\Device\00000074"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpsHelper"
    .\debug.cpp(400) : Destination="\Device\WpsHelper"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination="\Device\0000004b"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col02#6&105281ca&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination="\Device\0000007c"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIInfo"
    .\debug.cpp(400) : Destination="\Device\LMIInfo"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfsComm"
    .\debug.cpp(400) : Destination="\Device\InCDfsComm"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
    .\debug.cpp(400) : Destination="\Device\ARP1394"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&28e3d985&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination="\Device\00000002"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000074"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D5D4EF17-8250-46EE-9ACE-DE91B2CC622A}"
    .\debug.cpp(400) : Destination="\Device\{D5D4EF17-8250-46EE-9ACE-DE91B2CC622A}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WPS"
    .\debug.cpp(400) : Destination="\Device\WPS"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
    .\debug.cpp(400) : Destination="\Device\0000006e"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MrwR00000000"
    .\debug.cpp(400) : Destination="\Device\MrwR00000000"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&2b61a575&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
    .\debug.cpp(400) : Destination="\Device\Parallel0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination="\Device\MountPointManager"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
    .\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\00000038"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#8dacf11d800#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000006f"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
    .\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination="\Device\WANARP"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination="\Device\00000074"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\00000004"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
    .\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
    .\debug.cpp(400) : Destination="\Device\Floppy0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D6098ED-C9D0-46DE-9CDB-6480B49973F1}"
    .\debug.cpp(400) : Destination="\Device\{6D6098ED-C9D0-46DE-9CDB-6480B49973F1}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination="\Device\NdisWanIp"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\00000003"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
    .\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col01#6&105281ca&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination="\Device\0000007b"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_80A61043&REV_03#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&559926a&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\FloppyPDO0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
    .\debug.cpp(400) : Destination="\Device\1394BUS0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
    .\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23e7fcf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_15#4&2065177b&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\0000003b"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination="\Device\ParTechInc0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination="\Device\00000046"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsDevice"
    .\debug.cpp(400) : Destination="\Device\LMIRFS\Control"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
    .\debug.cpp(400) : Destination="\Device\NdisTapi"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination="\Device\NdisWan"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
    .\debug.cpp(400) : Destination="\Device\NamedPipe\Spooler\LPT1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination="\Device\IPMULTICAST"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination="\Device\ParTechInc1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
    .\debug.cpp(400) : Destination="\Device\DmLoader"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination="\Device\LanmanRedirector"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EIO"
    .\debug.cpp(400) : Destination="\Device\EIO"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination="\Device\ParTechInc2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCDPASS_REAL_DEVICE00000000"
    .\debug.cpp(400) : Destination="\Device\INCDPASS_REAL_DEVICE00000000"

    One more.
     
  25. glhglh

    glhglh TS Guru Topic Starter Posts: 504

    #3

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1095&DEV_3114&SUBSYS_81361043&REV_02#4&23c0b1c&0&28F0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination="\Device\FtControl"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
    .\debug.cpp(400) : Destination="\Device\SRTSP"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination="\Device\MailSlot"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_SiImage&Prod_&Rev_0000#5&23d7da25&0&0100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination="\Device\Scsi\Si3114r51Port4Path0Target10Lun0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination="\DosDevices\COM1"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5B70&SUBSYS_002B1043&REV_00#4&37ad8b77&0&0108#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination=""

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination="\Device\Ndisuio"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination="\Device\00000042"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f015-f69b-11dd-af99-806d6172696f}"
    .\debug.cpp(400) : Destination="\Device\CdRom0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination="\Device\Null"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\00000043"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination="\Device\00000045"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination="\Device\0000004c"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8023&SUBSYS_808B1043&REV_00#4&23c0b1c&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
    .\debug.cpp(400) : Destination="\Device\Parallel0"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination="\Device\00000041"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2b857f1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination="\Device\USBPDO-2"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{96569E7B-B3A1-45E3-B293-A9C0906EC098}"
    .\debug.cpp(400) : Destination="\Device\{96569E7B-B3A1-45E3-B293-A9C0906EC098}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD604AB4-117D-4A58-86D1-A43DFCB95466}"
    .\debug.cpp(400) : Destination="\Device\{CD604AB4-117D-4A58-86D1-A43DFCB95466}"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
    .\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_80A61043&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
    .\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

    .\debug.cpp(451) : **********************************************
    .\boot_cleaner.cpp(1077) : System volume is \\.\C:
    .\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1151) :
    .\boot_cleaner.cpp(1152) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1153) : --------------------------------------------
    .\boot_cleaner.cpp(1197) : 467 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1203) :
    .\boot_cleaner.cpp(1242) : Done;
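The three posts above are raw GMER output: the loaded-module list (`debug.cpp(256)` lines), the `\GLOBAL??` symbolic-link dump (`debug.cpp(369)`/`(400)` pairs) and the boot-sector check from `boot_cleaner.cpp`. What follows is an added example, not part of the thread and not GMER's own code: a small Python parser for exactly those line shapes that pulls out the facts a triager wants first when such a log lands on the desk, namely which kernel modules were loaded from outside the Windows directory (the ones to verify by publisher signature and hash before anything else), how each drive letter maps to a device object, and the boot-sector MD5 so it can be compared against a known-good value. The sample lines are excerpted from the log above; the only assumption beyond the visible format is that the Windows directory is named `WINDOWS`, which is labelled in the code.

```python
"""Parse GMER debug-log lines into the facts a triager checks first.

Added example for the thread above; the line formats are those GMER printed
in the posts (module list, \\GLOBAL?? symbolic links, boot-sector MD5) and
the sample lines below are excerpted from that log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes seen in the log: 256 = loaded module (base, size, image path),
# 369 = object in \GLOBAL?? (SymbolicLink or plain Device), 400 = link target.
MODULE_RE = re.compile(r'^\.\\debug\.cpp\(256\) : (0x[0-9a-f]+) (0x[0-9a-f]+) "([^"]+)"', re.I)
LINK_RE = re.compile(r'^\.\\debug\.cpp\(369\) : (SymbolicLink|Device) "([^"]+)"')
DEST_RE = re.compile(r'^\.\\debug\.cpp\(400\) : Destination="([^"]*)"')
MD5_RE = re.compile(r'^\.\\boot_cleaner\.cpp\(\d+\) : Boot sector MD5 is: ([0-9a-f]{32})', re.I)

# Paths inside the Windows directory, whether spelled through \SystemRoot,
# as a bare \WINDOWS\ path, or as a DOS-style \??\X:\WINDOWS\ path.
# Assumption: the Windows directory is called WINDOWS (true for this XP box).
SYSTEM_DIR_RE = re.compile(r'^(\\SystemRoot\\|\\WINDOWS\\|\\\?\?\\[a-z]:\\WINDOWS\\)', re.I)


@dataclass(frozen=True)
class Module:
    base: int
    size: int
    path: str


@dataclass
class GmerReport:
    modules: List[Module]
    # object name -> target; "" for an empty target, None for a plain Device entry
    links: Dict[str, Optional[str]]
    boot_md5: Optional[str]


def parse_gmer_log(text: str) -> GmerReport:
    """Walk the log once; a Destination line always belongs to the SymbolicLink just before it."""
    modules: List[Module] = []
    links: Dict[str, Optional[str]] = {}
    md5: Optional[str] = None
    pending: Optional[str] = None  # SymbolicLink whose Destination line is expected next
    for raw in text.splitlines():
        line = raw.strip()  # forum paste indents every line by four spaces
        if m := MODULE_RE.match(line):
            modules.append(Module(int(m[1], 16), int(m[2], 16), m[3]))
        elif m := LINK_RE.match(line):
            kind, name = m[1], m[2]
            if kind == "SymbolicLink":
                pending = name
                links[name] = ""  # replaced when the Destination line arrives
            else:
                links[name] = None  # a plain Device object has no target
                pending = None
        elif m := DEST_RE.match(line):
            if pending is not None:
                links[pending] = m[1]
                pending = None
        elif m := MD5_RE.match(line):
            md5 = m[1].lower()
    return GmerReport(modules, links, md5)


def modules_outside_windows_dir(report: GmerReport) -> List[str]:
    """Image paths not under the Windows directory (Program Files etc.): verify these first."""
    return [m.path for m in report.modules if not SYSTEM_DIR_RE.match(m.path)]


def drive_letter_map(report: GmerReport) -> Dict[str, str]:
    """\\GLOBAL??\\X: links -> backing device, e.g. {'C:': '\\Device\\HarddiskVolume1'}."""
    out: Dict[str, str] = {}
    for name, target in report.links.items():
        m = re.fullmatch(r'\\GLOBAL\?\?\\([A-Z]:)', name)
        if m and target:
            out[m[1]] = target
    return out


def empty_targets(report: GmerReport) -> List[str]:
    """Symbolic links whose target is empty; GLOBALROOT is expected here, anything else is odd."""
    return sorted(name for name, target in report.links.items() if target == "")


# Constructed sample: lines excerpted from the GMER log posted above.
SAMPLE_LOG = "\n".join([
    r'.\debug.cpp(256) : 0xa8879000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"',
    r'.\debug.cpp(256) : 0xa881b000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"',
    r'.\debug.cpp(256) : 0xf79a1000 0x00002000 "\??\C:\WINDOWS\system32\drivers\EIO.sys"',
    r'.\debug.cpp(256) : 0xb7fbf000 0x00002000 "\??\C:\Program Files\LogMeIn\x86\RaInfo.sys"',
    r'.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"',
    r'.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"',
    r'.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"',
    r'.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"',
    r'.\debug.cpp(400) : Destination="\Device\CdRom0"',
    r'.\debug.cpp(369) : Device "\GLOBAL??\BsUDF"',
    r'.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"',
    r'.\debug.cpp(400) : Destination=""',
    r'.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd',
])

if __name__ == "__main__":
    rep = parse_gmer_log(SAMPLE_LOG)
    for path in modules_outside_windows_dir(rep):
        print("verify signature/hash:", path)
    print("drive letters:", drive_letter_map(rep))
    print("boot sector MD5:", rep.boot_md5)
```

Run against the full pasted log, the "outside the Windows directory" list for this machine is the Symantec EENGINE drivers and the LogMeIn driver, which is what you would expect from the installed software list in the DDS output; an entry there that matches nothing installed is the one to pull and hash. The boot-sector MD5 is only useful with a reference value for the same Windows version and partitioning, so record it rather than judge it in isolation.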
     
Topic Status:
Not open for further replies.
