Slow startup & page loading - lots of .exes running overtime...

Solved
By Michael Neal
May 28, 2012
  1. Hi. Within the last 10 days I've experienced noticeable slowing at startup and page loading. The logs will reveal all, but I have a far greater than usual number of exes running at maxed-out CPU usage for extended periods. This was made somewhat better by turning off win, real, java, etc. auto updates, all of 'em I could except for Avast. There may be some significance to my switching back to IE after a massive Firefox update about the time this started (there should be an icon for red herrings). Logs wouldn't show it, but I rousted the dust bunnies from the processor as well. Here, I hope, are the logs:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.28.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Michael :: MICHAEL6MASTER [administrator]
    5/28/2012 3:20:32 PM
    mbam-log-2012-05-28 (15-20-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226845
    Time elapsed: 9 minute(s), 31 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: eb3c6bf41b3d00f8168e8d6767a1e6d3 -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Program Files\Outlook Express\itrci.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    (end)

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by Michael at 16:01:54 on 2012-05-28
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1989 [GMT -7:00]
    .
    AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: BitDefender Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Page = hxxp://search.yahoo.com/web?fr=yfp-t-701
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: NoThemesTab = 0 (0x0)
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    uPolicies-system: NoColorChoice = 0 (0x0)
    uPolicies-system: NoSizeChoice = 0 (0x0)
    uPolicies-system: NoVisualStyleChoice = 0 (0x0)
    uPolicies-system: NoDispSettingsPage = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: ebay.com\shiptrack
    Trusted Zone: ebay.com\signin
    Trusted Zone: live365.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\office
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: pb.com\ibdswebp11-ext
    Trusted Zone: windowsupdate.com\download
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096585577562
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249583461656
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\xnmo7rrc.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-2 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-2 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-2 20696]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-2 44768]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-8-6 111312]
    S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\google\update\GoogleUpdate.exe [2009-5-20 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 253088]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 153448]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-20 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
    S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2008-2-17 56576]
    S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-10-8 136832]
    S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2008-2-17 19584]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
    S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys --> c:\windows\system32\drivers\vmwvusb.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-26 02:10:02 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-05-26 02:09:51 -------- d-----w- c:\program files\Security Task Manager
    2012-05-08 21:24:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-08 21:24:31 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-08 21:24:31 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-05-02 17:59:33 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-02 17:59:07 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-02 17:49:44 -------- d-----w- c:\program files\AVAST Software
    2012-05-02 17:49:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    .
    ==================== Find3M ====================
    .
    2012-04-20 22:49:12 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
    2012-04-20 22:44:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 22:44:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-01 18:31:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-01 18:31:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN23.tmp
    2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN22.tmp
    2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN21.tmp
    2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
    2008-11-08 20:48:57 27024112 ----a-w- c:\program files\PowerPointViewer.exe
    2008-05-12 18:36:15 29920512 ----a-w- c:\program files\tunebite.exe
    2006-08-30 21:12:48 13905464 ----a-w- c:\program files\snagit.exe
    2006-03-07 01:34:01 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
    2005-04-06 22:16:24 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
    2004-12-08 05:17:39 2247855 ----a-w- c:\program files\spywareblastersetup.exe
    2004-11-22 20:51:57 6792848 ----a-w- c:\program files\modelpressreader.exe
    2004-11-22 18:15:59 24632128 ----a-w- c:\program files\modelpresspublisher.exe
    .
    ============= FINISH: 16:03:40.40 ===============

    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/30/2004 1:39:53 PM
    System Uptime: 5/28/2012 3:32:11 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F4491
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 237.637 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_BDSELFPR\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_BDSELFPR\0000
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_BDVEDISK\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_BDVEDISK\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Acronis True Image Home
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe Reader 9
    Adobe Reader 9.1.3
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    AeroFly Professional Deluxe
    AeroFly Professional Deluxe AddOn FMT Magazin
    AFPD Import Wizard
    AGEIA PhysX v2.4.4
    AiO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities ZoomBrowser EX
    CCleaner
    CenturyLink Share and Store v2.2.1.20422
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.1
    CVA MAP Assistance
    CVA MAP Spring 10
    Dell ResourceCD
    DesignPro 5.0 Limited Edition
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    European Air War
    FMS
    Foxit PDF Editor
    GIMP 2.4.2
    Glary Utilities 2.45.0.1486
    Google Earth
    Google SketchUp
    Google SketchUp 6
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    HP PSC & OfficeJet 5.3.B
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) PRO Network Connections Drivers
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Jasc Paint Shop Pro 8
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 31
    JumpStart Typing
    LEGO® MINDSTORMS® NXT - English Language Pack
    LEGO® MINDSTORMS® NXT Driver
    LEGO® MINDSTORMS® NXT Software v1.0
    Malwarebytes Anti-Malware version 1.61.0.1400
    Math Blaster Ages 9-12
    Math Blaster PreAlgebra
    Maxtor MaxBlast
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel Viewer 2003
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    MyConnection PC Lite Edition
    Nero - Burning Rom
    NVIDIA Windows 2000/XP Display Drivers
    NWEA NTE Administration Tool
    Octoshape add-in for Adobe Flash Player
    OpenOffice.org 3.1
    Picasa 3
    PixiePack Codec Pack
    PL-2303 USB-to-Serial
    PreReq
    QFolder
    QuickTime
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Red Baron 3D
    Revo Uninstaller 1.93
    RollerCoaster Tycoon 2
    Rosetta Stone Ltd Services
    Safari
    Scan
    Security Task Manager 1.8d
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Sophos Windows Shortcut Exploit Protection Tool
    SoundMAX
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    Tile Print
    TopWinEn
    Turbo Lister 2
    Uniblue System Tweaker
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    VisualRoute Lite Edition
    VoiceOver Kit
    WD Diagnostics
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Backup Utility
    Windows Genuine Advantage v1.3.0254.0
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XFLR5 v2.01
    XtremaLog 1.0.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/25/2012 7:21:36 PM, error: Service Control Manager [7034] - The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2012 5:58:30 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    5/21/2012 5:52:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    .
    ==== End Of File ===========================
    Thank you.
  2. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    I still need the GMER log.

    You're running two AV programs, Avast and BitDefender.
    You must uninstall one of them.
    Your choice.
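
The two-antivirus observation above can be read straight from the `AV:`/`FW:` header lines of the DDS log and cross-checked against its process and service sections. The following Python is an added example, not part of the original thread or of any tool used in it: it parses an excerpt copied from the DDS log posted above and lists components of a disabled security product that are still present. The function names are hypothetical, the reading of the service prefix as `R`/`S` (running/stopped) plus a start-type digit is an assumption about the DDS format, and matching a vendor by the first word of the product name is a heuristic.

```python
import re

# Excerpt copied from the DDS log posted above (abridged).
DDS_SAMPLE = r"""
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-2 337880]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-8-6 111312]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]
""".strip()

# "AV: <name> *<state>[/<definitions>]* {GUID}" header lines.
PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*/]+)(?:/[^*]+)?\*")
# "===== <section name> =====" separators.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "<R|S><start type> <key>;<display name>;<path> [<date> <size>]" lines.
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")


def parse_dds(log):
    """Return (products, processes, services) parsed from a DDS log."""
    products, processes, services = [], [], []
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            m = PRODUCT_RE.match(line)
            if m:
                products.append((m.group(1), m.group(2), m.group(3)))
        elif section == "Running Processes":
            processes.append(line)
        elif section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                run, start, key, display, path = m.groups()
                services.append({
                    "state": run + start,
                    "key": key,
                    "display": display,
                    # Entries for missing files look like "path --> path [?]".
                    "path": path.split(" --> ")[0],
                })
    return products, processes, services


def vendor_token(product_name):
    """Heuristic: first word of the product name, lowercased, alphanumerics only."""
    return re.sub(r"[^a-z0-9]", "", product_name.split()[0].lower())


def leftover_components(log):
    """Map each vendor with only disabled products to what is still on the system."""
    products, processes, services = parse_dds(log)
    active = {vendor_token(n) for _, n, state in products if state == "Enabled"}
    report = {}
    for _, name, state in products:
        vendor = vendor_token(name)
        if state != "Disabled" or vendor in active or vendor in report:
            continue
        report[vendor] = {
            "processes": [p for p in processes if vendor in p.lower()],
            "services": [(s["state"], s["key"]) for s in services
                         if vendor in (s["display"] + s["path"]).lower()],
        }
    return report


if __name__ == "__main__":
    for vendor, found in leftover_components(DDS_SAMPLE).items():
        print(vendor)
        for proc in found["processes"]:
            print("  process:", proc)
        for state, key in found["services"]:
            print("  service/driver:", state, key)
```

Components whose names and paths do not contain the vendor word (for example a driver registered only under an abbreviation) are not matched by this heuristic and need a manual look.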
  3. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Thanks for your time. I uninstalled BD, oh, perhaps 2 years ago. I've been removing remnants with several removal programs (revo, BD uninstaller, etc.) ever since. They all seem to be missing some kernel that allowed them to digest the fragments. I assumed they needed at least the uninstall portion of those programs re-installed to work, so I gave up. There's probably some Norton left in there as well. Here's the GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-28 20:25:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e MAXTOR_STM3320620AS rev.3.AAE
    Running: s10rebfp.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEAED28E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEAED0F9]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEB8AD92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----
  4. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.

    ========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-05-28 20:25:30
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e MAXTOR_STM3320620AS rev.3.AAE
    Running: s10rebfp.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEAED28E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEAED0F9]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEB8AD92]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-28 20:45:47
    -----------------------------
    20:45:47.921 OS Version: Windows 5.1.2600 Service Pack 3
    20:45:47.921 Number of processors: 2 586 0x209
    20:45:47.921 ComputerName: MICHAEL6MASTER UserName: Michael
    20:45:49.593 Initialize success
    20:45:49.750 AVAST engine defs: 12052801
    20:46:06.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    20:46:06.281 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
    20:46:06.296 Disk 0 MBR read successfully
    20:46:06.296 Disk 0 MBR scan
    20:46:06.296 Disk 0 Windows XP default MBR code
    20:46:06.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
    20:46:06.296 Disk 0 scanning sectors +625137345
    20:46:06.343 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:46:14.593 Service scanning
    20:46:26.062 Modules scanning
    20:46:40.781 Disk 0 trace - called modules:
    20:46:40.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    20:46:40.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab87ab8]
    20:46:40.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ac08d98]
    20:46:41.421 AVAST engine scan C:\WINDOWS
    20:46:47.703 AVAST engine scan C:\WINDOWS\system32
    20:49:25.812 AVAST engine scan C:\WINDOWS\system32\drivers
    20:49:49.718 AVAST engine scan C:\Documents and Settings\Michael
    21:18:57.203 AVAST engine scan C:\Documents and Settings\All Users
    21:43:46.546 Scan finished successfully
    21:44:24.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
    21:44:24.687 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"
  6. Michael Neal


    Sorry, called away:


    .\debug.cpp(238) : Debug log started at 29.05.2012 - 03:40:18
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IntelCatawbaSound"
    .\debug.cpp(400) : Destination "\Device\IntelCatawbaSound"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bdfndisf"
    .\debug.cpp(400) : Destination "\Device\Bdfndisf"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1080&SUBSYS_10001028&REV_04#4&1c660dd6&0&08F0#{4d36e978-e325-11ce-bfc1-08002be10318}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000037"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination "\Device\ParTechInc0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
    .\debug.cpp(400) : Destination "\Device\NdisTapi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
    .\debug.cpp(400) : Destination "\Device\Parallel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination "\Device\ParTechInc1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1506bb2e&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1080&SUBSYS_10001028&REV_04#4&1c660dd6&0&08F0#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmwdmDev"
    .\debug.cpp(400) : Destination "\Device\Smwdm0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4f11&MI_01#6&1496e74&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
    .\debug.cpp(400) : Destination "\Device\00000068"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Intel(R) 537EP V9x DF PCI Modem"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c018#7&326ebf40&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DOT4#Vid_03f0&Pid_4f11&MI_02&DOT4&PRINT_HPZ#8&280b66be&0&0#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
    .\debug.cpp(400) : Destination "\Device\HPZID412PRINT_HPZ1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24DE&SUBSYS_01741028&REV_02#3&172e68dd&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_BDFNDISFMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX216E_____________________PD01____#5&33fcab6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1050&SUBSYS_01741028&REV_02#4&1c660dd6&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_BDFNDISFMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\symlcbrd"
    .\debug.cpp(400) : Destination "\Device\SymantecBiosReader"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
  7. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    ComboFix 12-05-29.01 - Michael 05/29/2012 18:05:24.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1881 [GMT -7:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\f7129022-a000-4847-db07-470265a73c4f
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\VCREDI~3.EXE
    c:\documents and settings\Michael\System
    c:\documents and settings\Michael\System\win_qs7.jqx
    c:\documents and settings\Michael\WINDOWS
    c:\windows\system32\pthreadVC.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 02:10 . 2012-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-05-26 02:09 . 2012-05-26 02:09 -------- d-----w- c:\program files\Security Task Manager
    2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-08 21:24 . 2012-05-08 21:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-08 21:24 . 2012-05-08 21:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-05-02 17:59 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-02 17:59 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-02 17:59 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-05-02 17:59 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-02 17:59 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-02 17:59 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-05-02 17:59 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-05-02 17:59 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-05-02 17:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-02 17:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\program files\AVAST Software
    2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-20 22:49 . 2012-04-20 22:49 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
    2012-04-20 22:44 . 2012-04-20 22:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-20 22:44 . 2011-06-28 17:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14 . 2003-07-16 20:39 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2003-07-16 20:51 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2002-08-29 01:04 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 22:56 . 2009-11-07 00:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-01 18:31 . 2012-04-01 18:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-01 18:31 . 2010-06-06 17:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN23.tmp
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN22.tmp
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN21.tmp
    2012-03-01 11:01 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2008-11-08 20:48 . 2008-11-08 20:48 27024112 ----a-w- c:\program files\PowerPointViewer.exe
    2008-05-12 18:36 . 2008-05-12 18:36 29920512 ----a-w- c:\program files\tunebite.exe
    2006-08-30 21:12 . 2006-08-30 21:12 13905464 ----a-w- c:\program files\snagit.exe
    2006-03-07 01:34 . 2006-03-07 01:34 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
    2005-04-06 22:16 . 2005-04-06 22:15 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
    2004-12-08 05:17 . 2004-12-08 05:17 2247855 ----a-w- c:\program files\spywareblastersetup.exe
    2004-11-22 20:51 . 2004-11-22 20:51 6792848 ----a-w- c:\program files\modelpressreader.exe
    2004-11-22 18:15 . 2004-11-22 18:15 24632128 ----a-w- c:\program files\modelpresspublisher.exe
    2012-05-08 21:24 . 2011-11-14 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
    @="{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}"
    [HKEY_CLASSES_ROOT\CLSID\{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}]
    2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
    @="{280809E2-EDA4-4DE2-916F-0F281B773538}"
    [HKEY_CLASSES_ROOT\CLSID\{280809E2-EDA4-4DE2-916F-0F281B773538}]
    2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-17 4800512]
    "nwiz"="nwiz.exe" [2007-12-05 1626112]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
    2006-12-26 21:55 40960 ----a-w- c:\windows\NCLAUNCH.EXe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Documents and Settings\\Michael\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2012 10:59 AM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2012 10:59 AM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2012 10:59 AM 20696]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/6/2009 4:34 PM 111312]
    R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [10/8/2008 12:36 PM 136832]
    S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 3:44 PM 253088]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 153448]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 4:55 PM 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 2:24 PM 129976]
    S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2/17/2008 6:17 PM 56576]
    S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2/17/2008 6:17 PM 19584]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
    S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys --> c:\windows\system32\Drivers\vmwvusb.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:44]
    .
    2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2012-05-30 c:\windows\Tasks\GlaryInitialize.job
    - c:\start menu\Programs\Glary Utilities\initialize.exe [2011-11-04 01:59]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
    .
    2012-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
    .
    2012-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
    .
    2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: ebay.com\shiptrack
    Trusted Zone: ebay.com\signin
    Trusted Zone: live365.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\office
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: pb.com\ibdswebp11-ext
    Trusted Zone: windowsupdate.com\download
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime Alternative\qttask.exe
    AddRemove-HijackThis - e:\repair kit\Virus Removal\HijackThis.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-29 18:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1168)
    c:\windows\system32\relog_ap.dll
    .
    - - - - - - - > 'explorer.exe'(2952)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-29 18:34:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-30 01:34
    ComboFix2.txt 2009-11-07 00:04
    .
    Pre-Run: 255,118,319,616 bytes free
    Post-Run: 255,773,925,376 bytes free
    .
    - - End Of File - - 4D685273BF4D1B43FF274BDB432DECE3
  9. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    {4055920F-2E99-48A8-A270-4243D2B8F242}
    
    DDS::
    Trusted Zone: ebay.com\shiptrack
    Trusted Zone: ebay.com\signin
    Trusted Zone: live365.com\www
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\*.windowsupdate
    Trusted Zone: microsoft.com\office
    Trusted Zone: microsoft.com\www.update
    Trusted Zone: pb.com\ibdswebp11-ext
    Trusted Zone: windowsupdate.com\download
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  10. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    ComboFix 12-05-29.01 - Michael 05/29/2012 19:00:23.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2020 [GMT -7:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Michael\Desktop\Security Maintenance\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 02:10 . 2012-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-05-26 02:09 . 2012-05-26 02:09 -------- d-----w- c:\program files\Security Task Manager
    2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-08 21:24 . 2012-05-08 21:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-08 21:24 . 2012-05-08 21:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-05-02 17:59 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-02 17:59 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-02 17:59 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-05-02 17:59 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-02 17:59 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-02 17:59 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-05-02 17:59 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-05-02 17:59 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-05-02 17:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-02 17:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\program files\AVAST Software
    2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-20 22:49 . 2012-04-20 22:49 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
    2012-04-20 22:44 . 2012-04-20 22:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-20 22:44 . 2011-06-28 17:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:14 . 2003-07-16 20:39 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:12 . 2003-07-16 20:51 1862272 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 12:35 . 2002-08-29 01:04 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-04-04 22:56 . 2009-11-07 00:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-01 18:31 . 2012-04-01 18:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-04-01 18:31 . 2010-06-06 17:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN23.tmp
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN22.tmp
    2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN21.tmp
    2012-03-01 11:01 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2008-11-08 20:48 . 2008-11-08 20:48 27024112 ----a-w- c:\program files\PowerPointViewer.exe
    2008-05-12 18:36 . 2008-05-12 18:36 29920512 ----a-w- c:\program files\tunebite.exe
    2006-08-30 21:12 . 2006-08-30 21:12 13905464 ----a-w- c:\program files\snagit.exe
    2006-03-07 01:34 . 2006-03-07 01:34 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
    2005-04-06 22:16 . 2005-04-06 22:15 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
    2004-12-08 05:17 . 2004-12-08 05:17 2247855 ----a-w- c:\program files\spywareblastersetup.exe
    2004-11-22 20:51 . 2004-11-22 20:51 6792848 ----a-w- c:\program files\modelpressreader.exe
    2004-11-22 18:15 . 2004-11-22 18:15 24632128 ----a-w- c:\program files\modelpresspublisher.exe
    2012-05-08 21:24 . 2011-11-14 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
    @="{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}"
    [HKEY_CLASSES_ROOT\CLSID\{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}]
    2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
    @="{280809E2-EDA4-4DE2-916F-0F281B773538}"
    [HKEY_CLASSES_ROOT\CLSID\{280809E2-EDA4-4DE2-916F-0F281B773538}]
    2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-17 4800512]
    "nwiz"="nwiz.exe" [2007-12-05 1626112]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
    2006-12-26 21:55 40960 ----a-w- c:\windows\NCLAUNCH.EXe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Documents and Settings\\Michael\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:UDP"= 5353:UDP:Bonjour Port 5353
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2012 10:59 AM 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2012 10:59 AM 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2012 10:59 AM 20696]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/6/2009 4:34 PM 111312]
    R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [10/8/2008 12:36 PM 136832]
    S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 3:44 PM 253088]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
    S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 153448]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 4:55 PM 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 2:24 PM 129976]
    S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2/17/2008 6:17 PM 56576]
    S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2/17/2008 6:17 PM 19584]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
    S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys --> c:\windows\system32\Drivers\vmwvusb.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:44]
    .
    2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2012-05-30 c:\windows\Tasks\GlaryInitialize.job
    - c:\start menu\Programs\Glary Utilities\initialize.exe [2011-11-04 01:59]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
    .
    2012-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
    .
    2012-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
    .
    2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-29 19:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1168)
    c:\windows\system32\relog_ap.dll
    .
    - - - - - - - > 'explorer.exe'(2468)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-05-29 19:15:35
    ComboFix-quarantined-files.txt 2012-05-30 02:15
    ComboFix2.txt 2012-05-30 01:34
    ComboFix3.txt 2009-11-07 00:04
    .
    Pre-Run: 255,760,076,800 bytes free
    Post-Run: 255,739,625,472 bytes free
    .
    - - End Of File - - 52C20F801CA504955960488A787A9C6C
  11. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    OTL logfile created on: 5/29/2012 7:50:21 PM - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Michael\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.87% Memory free
    3.09 Gb Paging File | 2.81 Gb Available in Paging File | 90.87% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 238.22 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

    Computer Name: MICHAEL6MASTER | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
    PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/10/29 12:01:16 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/29 10:59:52 | 001,763,328 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052901\algo.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/11/03 09:46:01 | 000,094,720 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2010\framework.dll
    MOD - [2009/01/15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/05/08 14:24:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/20 15:44:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2010/04/01 11:40:51 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2009/11/03 09:45:04 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2008/07/29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
    SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
    SRV - [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
    SRV - [2008/04/13 17:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
    SRV - [2008/04/13 17:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
    SRV - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmwvusb.sys -- (vmwvusb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
    DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/05/04 10:16:53 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/05/04 10:16:44 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
    DRV - [2010/02/26 11:57:10 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2009/09/22 09:51:26 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2009/08/25 13:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/07/24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2008/04/13 12:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 11:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 11:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 11:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 11:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/03/26 11:47:30 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH0461.sys -- (SaiH0461)
    DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2008/02/11 19:31:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2007/12/05 11:12:23 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
    DRV - [2007/12/05 11:12:23 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/12/05 11:12:15 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
    DRV - [2006/08/14 03:52:49 | 000,035,328 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2006/08/14 03:52:44 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2006/03/10 16:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
    DRV - [2004/07/26 12:54:48 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0109.sys -- (SaiH0109)
    DRV - [2004/07/26 12:54:24 | 000,019,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU0109.sys -- (SaiU0109)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2003/08/10 14:17:58 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2003/07/16 13:27:04 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
    DRV - [2003/07/16 13:25:07 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2003/07/16 13:23:47 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes,DefaultScope = {E61188EB-9D0E-4B77-A474-FA1AD3768641}
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{9052741B-A5DA-474C-AFAE-F0BF43879692}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{D449E059-9CF2-42C9-A537-CE9E710470FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{D7B76925-83F6-4F4C-9524-EDDC212AD7DE}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{E598C113-004C-4A3C-A1C8-F3BED563F7D2}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{E61188EB-9D0E-4B77-A474-FA1AD3768641}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vc=
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 12:02:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/02 10:59:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 14:24:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/11/14 09:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
    [2012/05/25 19:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\extensions
    [2012/05/09 14:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\extensions\staged
    [2012/05/08 14:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XNMO7RRC.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM
    [2012/05/02 10:59:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/04/01 11:31:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2012/05/08 14:24:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/10 22:46:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/10 22:46:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/05/29 18:23:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096585577562 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249583461656 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E04B66B-F5DB-475B-A23C-28892930ED3E}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/09/30 13:35:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  13. Michael Neal

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: VIDC.JDCT - jl_jdct.drv File not found
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/29 19:47:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
    [2012/05/29 18:01:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/05/29 18:01:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/05/29 18:01:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/05/29 17:30:46 | 004,530,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
    [2012/05/25 20:39:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
    [2012/05/25 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2012/05/25 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
    [2012/05/25 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/05/08 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/05/08 14:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/05/02 10:59:35 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/05/02 10:59:35 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/05/02 10:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/05/02 10:59:34 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/05/02 10:59:34 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/05/02 10:59:33 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/05/02 10:59:33 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/05/02 10:59:33 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/05/02 10:59:32 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/05/02 10:59:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/05/02 10:59:06 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/05/02 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/05/02 10:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/29 19:50:19 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    [2012/05/29 19:50:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    [2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
    [2012/05/29 19:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/29 19:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/29 18:23:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2012/05/29 18:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/29 18:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/05/29 18:00:05 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
    [2012/05/29 15:52:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/05/29 15:04:24 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Virus and Malware Removal - TechSpot Forums.url
    [2012/05/29 15:04:08 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Windows Error Reporting.url
    [2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
    [2012/05/28 16:45:13 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Office Outlook 2003 (2).lnk
    [2012/05/28 11:17:20 | 000,005,050 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\How to Clear a Used iPad eHow.com.url
    [2012/05/27 20:48:52 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Google.url
    [2012/05/27 20:25:40 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Yahoo! Search - Web Search.url
    [2012/05/27 11:49:53 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\eBay Search Advanced Search.url
    [2012/05/25 19:19:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2012/05/25 18:40:22 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\craigslist portland, OR classifieds for jobs, apartments, personals, for sale, services, community, and events.url
    [2012/05/25 12:56:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Everything You Need To Know About Wireless Bridging and Repeating - Part 1 WDS - Ex. 1 Bridge w-WDS enabled router - SmallNetBuilder.url
    [2012/05/24 17:31:40 | 000,016,108 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Thumbs.ini
    [2012/05/24 10:40:23 | 000,002,704 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\CFL bulbs - Page 2 - Digital Grin Photography Forum.url
    [2012/05/23 21:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/05/22 14:58:32 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Gorge Net Classifieds.url
    [2012/05/21 21:00:26 | 000,017,156 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\My eBay Selling Items I'm Selling.url
    [2012/05/21 09:34:36 | 000,001,781 | ---- | M] () -- C:\Custom.dic
    [2012/05/18 20:27:18 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\4T65E Do-It-Yourself Shift Kit Instructions and Install Guide.url
    [2012/05/13 11:12:11 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/05/13 11:12:10 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/05/13 11:12:10 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/05/11 11:53:46 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/09 21:29:49 | 000,000,822 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/05/02 10:59:33 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/29 15:04:08 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Windows Error Reporting.url
    [2012/05/28 17:47:27 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Virus and Malware Removal - TechSpot Forums.url
    [2012/05/28 11:17:20 | 000,005,050 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\How to Clear a Used iPad eHow.com.url
    [2012/05/27 20:41:12 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    [2012/05/25 12:56:54 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Everything You Need To Know About Wireless Bridging and Repeating - Part 1 WDS - Ex. 1 Bridge w-WDS enabled router - SmallNetBuilder.url
    [2012/05/24 10:40:23 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\CFL bulbs - Page 2 - Digital Grin Photography Forum.url
    [2012/05/18 20:27:18 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\4T65E Do-It-Yourself Shift Kit Instructions and Install Guide.url
    [2012/05/09 21:22:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/02/15 15:08:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/04 17:08:25 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
    [2012/01/04 17:08:25 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2011/11/28 03:06:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oaukdi.sys
    [2010/07/27 15:28:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll

    ========== LOP Check ==========

    [2007/12/04 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/11/17 11:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/05/02 10:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2007/09/12 07:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2010/12/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2008/05/20 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2010/01/31 19:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/01/04 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
    [2008/01/02 11:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2006/03/25 20:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
    [2008/05/12 11:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
    [2010/09/22 13:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
    [2008/02/17 18:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
    [2012/05/25 19:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/09/20 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Share and Store
    [2007/10/06 23:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2006/08/30 14:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2010/05/02 09:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 09:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/07/24 09:51:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    [2008/10/06 15:48:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
    [2009/08/14 16:33:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A2AEA530-E10C-4267-AF8E-5F478C1AC8FD}
    [2011/09/09 14:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
    [2011/05/04 17:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
    [2007/12/04 18:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Acronis
    [2010/07/21 15:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AMS
    [2009/08/18 11:22:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\BitDefender
    [2009/12/22 12:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/07 19:33:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\CoreFTP
    [2005/02/09 11:18:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\CyberScrub
    [2012/05/28 11:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GlarySoft
    [2011/10/22 19:25:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
    [2007/11/26 00:33:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Jasc
    [2008/10/02 10:02:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
    [2010/09/09 11:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
    [2009/10/29 23:20:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Registry Mechanic
    [2008/05/12 11:52:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\RTPlayer
    [2006/11/05 22:49:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\SmartDraw
    [2009/07/25 21:11:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\System Tweaker
    [2011/05/03 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Temp
    [2010/03/22 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TestTaker
    [2012/04/26 15:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\ThumbsPlus
    [2009/01/18 14:54:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Tunebite
    [2008/11/29 23:41:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Uniblue
    [2005/07/12 08:57:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\WeatherBug
    [2008/10/07 13:49:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
    [2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
    [2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2008/09/16 18:55:34 | 000,000,035 | ---- | M] () -- C:\aa.txt
    [1997/06/10 17:42:38 | 000,434,176 | ---- | M] () -- C:\ADL.DLL
    [1997/06/10 17:42:38 | 000,008,611 | ---- | M] () -- C:\ADL_MSGS.ENG
    [2009/08/07 10:04:47 | 000,000,016 | ---- | M] () -- C:\asdict.dat
    [2004/09/30 13:35:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/08/18 11:06:25 | 012,783,765 | ---- | M] () -- C:\BdUninstallTool2009.08.18-11.04.22.log
    [2009/08/18 11:06:25 | 000,312,744 | ---- | M] () -- C:\BdUninstallTool2009.08.18-11.04.22.reg
    [2009/09/11 20:50:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/05/25 19:19:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2012/05/29 19:15:36 | 000,014,689 | ---- | M] () -- C:\ComboFix.txt
    [2004/09/30 13:35:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2012/05/21 09:34:36 | 000,001,781 | ---- | M] () -- C:\Custom.dic
    [2012/05/15 14:14:41 | 006,453,368 | ---- | M] () -- C:\immudebug.log
    [2009/08/08 13:37:18 | 000,000,437 | ---- | M] () -- C:\InstallHelper.log
    [2004/09/30 13:35:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/11/07 12:11:36 | 000,011,744 | ---- | M] () -- C:\JavaRa.log
    [1997/06/10 17:42:40 | 000,216,721 | ---- | M] () -- C:\LGSAPI.DLL
    [1997/06/10 17:42:40 | 000,139,392 | ---- | M] () -- C:\LGSAUDIO.DLL
    [1997/06/10 17:42:40 | 000,324,592 | ---- | M] () -- C:\LGSGRAPH.DLL
    [1997/06/10 17:42:42 | 000,463,232 | ---- | M] () -- C:\LGSINTER.DLL
    [1997/06/10 17:42:42 | 000,202,201 | ---- | M] () -- C:\LGSIOBJS.DLL
    [1997/06/10 17:42:44 | 000,357,474 | ---- | M] () -- C:\LGSKERNL.DLL
    [1997/06/10 17:42:44 | 000,096,448 | ---- | M] () -- C:\LGSMDBW.DLL
    [1997/06/10 17:42:44 | 000,115,440 | ---- | M] () -- C:\LGSMMDB.DLL
    [1997/06/10 17:42:46 | 000,391,472 | ---- | M] () -- C:\LGSTEXT.DLL
    [2009/01/18 14:54:13 | 000,002,093 | ---- | M] () -- C:\Log.txt
    [2004/09/30 13:35:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [1997/06/04 10:22:46 | 000,000,329 | ---- | M] () -- C:\MSREG.INI
    [1997/06/17 12:14:32 | 000,013,024 | ---- | M] () -- C:\MSREG16.DLL
    [1997/06/16 02:02:00 | 000,012,640 | ---- | M] () -- C:\MSRUN16.EXE
    [1997/06/23 16:34:24 | 000,484,512 | ---- | M] () -- C:\NGMAG.EXE
    [2004/09/30 18:43:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/16 16:10:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/05/29 18:20:33 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [1997/06/10 17:42:46 | 000,093,184 | ---- | M] (Pegasus Imaging Corp.) -- C:\PICN1113.DLL
    [1997/06/10 17:42:46 | 000,049,240 | ---- | M] (Pegasus Imaging Corp.) -- C:\PICW13.DLL
    [2007/04/04 08:57:52 | 000,000,207 | ---- | M] () -- C:\quicklaunch_log_.txt
    [2009/06/30 11:16:33 | 000,001,825 | ---- | M] () -- C:\radio365Quicklaunch.txt
    [1997/06/11 11:01:32 | 000,013,384 | ---- | M] () -- C:\README.TXT
    [2010/09/09 11:19:25 | 000,005,875 | ---- | M] () -- C:\scramble.log
    [2004/10/01 14:28:01 | 000,000,168 | ---- | M] () -- C:\setupfax.log
    [2007/10/19 06:29:34 | 000,002,170 | ---- | M] () -- C:\smbios.bin
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/09/30 13:35:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2006/07/26 16:07:58 | 000,598,016 | ---- | M] () -- C:\WINDOWS\JZRPA.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/04/26 18:52:32 | 000,034,780 | ---- | M] () -- C:\Program Files\about.htm
    [2007/01/09 15:28:54 | 000,123,016 | ---- | M] () -- C:\Program Files\appendx.htm
    [2004/11/22 11:15:59 | 024,632,128 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\modelpresspublisher.exe
    [2004/11/22 13:51:57 | 006,792,848 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\modelpressreader.exe
    [2008/11/08 13:48:57 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
    [1998/10/18 19:10:08 | 000,027,987 | ---- | M] () -- C:\Program Files\readme.rtf
    [2006/11/17 12:18:32 | 000,003,774 | ---- | M] () -- C:\Program Files\rotating.htm
    [2006/12/21 17:58:32 | 000,043,486 | ---- | M] () -- C:\Program Files\setup.htm
    [2006/08/30 14:12:48 | 013,905,464 | ---- | M] () -- C:\Program Files\snagit.exe
    [2006/11/17 12:18:54 | 000,020,903 | ---- | M] () -- C:\Program Files\solve.htm
    [2004/12/07 22:17:39 | 002,247,855 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup.exe
    [2005/04/06 15:16:24 | 002,513,056 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup33.exe
    [2006/03/06 18:34:01 | 002,566,736 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe
    [2006/11/17 12:18:58 | 000,005,832 | ---- | M] () -- C:\Program Files\stand.htm
    [2008/05/12 11:36:15 | 029,920,512 | ---- | M] (RapidSolution Software AG) -- C:\Program Files\tunebite.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/09/30 05:54:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/09/30 05:54:41 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/09/30 05:54:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/16 16:19:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2004/09/30 18:58:43 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/09/30 13:44:35 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/29 18:00:05 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
    [2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
    [2012/04/25 16:24:24 | 018,327,145 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\thmpls70sp12230.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/29 19:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/23 21:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2003/07/16 13:36:49 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2012/05/29 18:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/29 19:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/29 19:50:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    [2012/05/29 19:50:19 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
    [2012/05/29 19:15:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/01/04 13:45:41 | 004,698,400 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\vrle.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/09/30 18:58:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/05/29 19:50:14 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Michael\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 13:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2003/07/16 13:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 13:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 13:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-11 14:16:14

    < >

    < >

    ========== Files - Unicode (All) ==========
    [2011/05/20 21:33:38 | 000,000,416 | ---- | M] ()(C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow?.url) -- C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow�.url
    [2011/05/20 21:33:38 | 000,000,416 | ---- | C] ()(C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow?.url) -- C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow�.url

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Log.txt:SummaryInformation
    < End of report >
  14. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
      MOD - [2009/11/03 09:46:01 | 000,094,720 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2010\framework.dll
      MOD - [2009/01/15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll
      SRV - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
      SRV - [2010/04/01 11:40:51 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
      SRV - [2009/11/03 09:45:04 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
      DRV - [2010/05/04 10:16:53 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
      DRV - [2010/05/04 10:16:44 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
      DRV - [2010/02/26 11:57:10 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
      DRV - [2009/09/22 09:51:26 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
      DRV - [2009/07/24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
      DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
      DRV - [2008/02/11 19:31:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O15 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..Trusted Domains: ([]msn in My Computer)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
      [2011/11/28 03:06:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oaukdi.sys
      [2010/12/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
      [2009/08/18 11:22:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\BitDefender
      [2009/10/29 23:20:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Registry Mechanic
      @Alternate Data Stream - 88 bytes -> C:\Log.txt:SummaryInformation
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Common Files\BitDefender
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  15. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    After running OTL and getting the log, I can't get online. Repeated restarts and router and adapter reboots have no effect. Repair connection says it can't query the TCP/IP settings.
  16. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    OTL Extras logfile created on: 5/29/2012 7:50:21 PM - Run 1
    OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Michael\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.87% Memory free
    3.09 Gb Paging File | 2.81 Gb Available in Paging File | 90.87% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 238.22 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

    Computer Name: MICHAEL6MASTER | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Documents and Settings\Michael\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Michael\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
    "C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe" = C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe:*:Disabled:LogMeIn Rescue Calling Card -- (LogMeIn, Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{06EA5F57-9903-40A5-9DA3-1841ABC81E6F}" = CVA MAP Assistance
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{14F5F230-BE3A-4b06-A022-2DF20F9010FE}_is1" = CenturyLink Share and Store v2.2.1.20422
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO® MINDSTORMS® NXT - English Language Pack
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
    "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
    "{4246326C-E861-43CA-B47D-2357454385F9}" = LEGO® MINDSTORMS® NXT Software v1.0
    "{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{54171711-61B7-4B0E-A209-12FF5B3BD183}" = Sophos Windows Shortcut Exploit Protection Tool
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B99E9D4E-5C08-4EAC-A2F0-24AEEBDE76FB}" = NWEA NTE Administration Tool
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C603C9F2-0600-4D6F-A669-7B2B63AF14D6}" = AeroFly Professional Deluxe AddOn FMT Magazin
    "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
    "{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO® MINDSTORMS® NXT Driver
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EAFE958E-7922-4E92-B0DC-369E5938D41C}" = AFPD Import Wizard
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
    "avast" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "CSCLIB" = Canon Camera Support Core Library
    "EOS Utility" = Canon Utilities EOS Utility
    "European Air War" = European Air War
    "FMS" = FMS
    "Foxit PDF Editor" = Foxit PDF Editor
    "Glary Utilities_is1" = Glary Utilities 2.45.0.1486
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "IrfanView" = IrfanView (remove only)
    "JumpStart Typing" = JumpStart Typing
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Math Blaster Ages 9-12" = Math Blaster Ages 9-12
    "Math Blaster PreAlgebra" = Math Blaster PreAlgebra
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyConnection PC Lite Edition" = MyConnection PC Lite Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "Red Baron 3D" = Red Baron 3D
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "Security Task Manager" = Security Task Manager 1.8d
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "ST6UNST #1" = Tile Print
    "System Tweaker_is1" = Uniblue System Tweaker
    "TopWinEn" = TopWinEn
    "VisualRoute Lite Edition" = VisualRoute Lite Edition
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.4.2
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XFLR5_is1" = XFLR5 v2.01
    "XtremaLog_is1" = XtremaLog 1.0.1
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CVA MAP Spring 10" = CVA MAP Spring 10
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/21/2012 8:57:36 PM | Computer Name = MICHAEL6MASTER | Source = Application Error | ID = 1001
    Description = Fault bucket 1993019161.

    Error - 5/22/2012 12:04:21 PM | Computer Name = MICHAEL6MASTER | Source = Microsoft Office 11 | ID = 1000
    Description = Faulting application outlook.exe, version 11.0.8326.0, stamp 4c1c2372,
    faulting module mso.dll, version 11.0.8341.0, stamp 4e29b116, debug? 0, fault address
    0x000035e0.

    Error - 5/22/2012 7:27:54 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/22/2012 7:27:59 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 5/25/2012 9:27:30 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/25/2012 9:27:40 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 5/27/2012 11:37:15 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/27/2012 11:37:20 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 5/29/2012 4:48:34 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/29/2012 5:57:02 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 5/29/2012 12:01:34 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:01:45 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:01:52 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:02:04 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:02:06 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:02:06 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort1.

    Error - 5/29/2012 12:02:08 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:02:10 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 12:17:56 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
    period.

    Error - 5/29/2012 2:59:52 PM | Computer Name = MICHAEL6MASTER | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.


    < End of report >
  17. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    All processes killed
    ========== OTL ==========
    Process livesrv.exe killed successfully!
    Service LIVESRV stopped successfully!
    Service LIVESRV deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe moved successfully.
    Service scan stopped successfully!
    Service scan deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll moved successfully.
    Service Arrakis3 stopped successfully!
    Service Arrakis3 deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe moved successfully.
    Service bdftdif stopped successfully!
    Service bdftdif deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys moved successfully.
    Error: Unable to stop service Bdfndisf!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bdfndisf deleted successfully.
    C:\WINDOWS\system32\drivers\bdfndisf.sys moved successfully.
    Service bdfm stopped successfully!
    Service bdfm deleted successfully!
    C:\WINDOWS\system32\drivers\bdfm.sys moved successfully.
    Service Profos stopped successfully!
    Service Profos deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys moved successfully.
    Error: Unable to stop service bdfsfltr!
    Unable to delete service\driver key bdfsfltr.
    File move failed. C:\WINDOWS\system32\drivers\bdfsfltr.sys scheduled to be moved on reboot.
    Service Trufos stopped successfully!
    Service Trufos deleted successfully!
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys moved successfully.
    Service symlcbrd stopped successfully!
    Service symlcbrd deleted successfully!
    C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    C:\WINDOWS\system32\drivers\oaukdi.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\DTrace folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Temp folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\BitDefender folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\my_documents folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\device_detection folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\contextual folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\BitDefender folder moved successfully.
    C:\Documents and Settings\Michael\Application Data\Registry Mechanic folder moved successfully.
    ADS C:\Log.txt:SummaryInformation deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Common Files\BitDefender\Setup Information\{E182458E-5796-4736-97A3-3EEC01D1D2D6} folder moved successfully.
    C:\Program Files\Common Files\BitDefender\Setup Information folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16144\Plugins folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16144 folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16143\Plugins folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16143 folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Firewall folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\www folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\tmp folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\log folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache\en\default folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache\en folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\etc folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin folder moved successfully.
    C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server folder moved successfully.
    C:\Program Files\Common Files\BitDefender folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 49219 bytes

    User: Michael
    ->Temp folder emptied: 13246471 bytes
    ->Temporary Internet Files folder emptied: 26456181 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49708531 bytes
    ->Flash cache emptied: 959386 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65603 bytes

    %systemdrive% .tmp files removed: 125 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 44 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 86.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: Michael
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest

    User: LocalService

    User: Michael
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.44.0 log created on 05292012_204432
    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\system32\drivers\bdfsfltr.sys scheduled to be moved on reboot.
    File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\fla1F.tmp not found!
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\dpsync[1].html moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\dpsync[2].html moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\slow-startup-page-loading-lots-of-exes-running-overtime[1].htm moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\TLDJEPCX\videoplayback[1].flv moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\QF4GF7W3\load[1].htm moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\dpsync[1].html moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\PugTracker[1].htm moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\up[1].html moved successfully.
    C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
    Registry entries deleted on Reboot...
  18. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    I'm online with the bad computer again, without going back to a restore point. Did the java update- I never saw any foist to uncheck. Removed the old iterations. Somehow my posts are out of the order I uploaded them in, having had to split up the logs. This computer is still reluctant to move from one task to the next. Security check, farbar, etc. are next,...:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.4
    Spybot - Search & Destroy
    CCleaner
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java(TM) 7 Update 4
    Java 2 Runtime Environment, SE v1.4.2_03
    Out of date Java installed!
    Adobe Flash Player 11.2.202.233
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 27-05-2012
    Ran by Michael (administrator) on 29-05-2012 at 23:58:25
    Running from "C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\2OEDB294"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    **** End of log ****
     
  19. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Startup took a long time this morning. Internet connectivity icons are missing from the tray but I can connect. TFT and ECT went badly. TFT did its own very lengthy restart and never reported and I had to make avast allow it to run normally. ECT encountered a "2002 error". I closed down to await feedback on re-running whatever needs it.
  20. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Uninstall:
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java 2 Runtime Environment, SE v1.4.2_03

    Try to run TFC from safe mode.

    What exactly happened with Eset scan?
  21. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Java Update won't remove- "fatal error". Java Runtime won't remove- "error applying transforms-verify specified paths are valid". The control panel took several tries to open up.
    Re Eset scan- I clicked OK on the error msg.- the whole thing went away. I shut down.
    I will try to run TFC again.
  22. Broni

    Broni Malware Annihilator Posts: 46,150   +251

    Leave Java alone.

    Use different browser to run Eset.
  23. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Eset has been running in Firefox for about 80 min. with 38 percent done in step 3. Avast enabled itself, despite being "permanently disabled" a few mins ago. I re-disabled it. TFC apparently did its job last night as it only removed a few megs this morn.
  24. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Eset, after a 5 hour scan, didn't find any threats.
  25. Michael Neal

    Michael Neal Newcomer, in training Topic Starter Posts: 20

    Lest I forget- and my own memory is corrupt and was never much better than an 8-bit Commodore to begin with- I back up to an eBook via Acronis whenever something significant happens on this computer. Do I need to wipe that and start over once we're clean? I looked at some other threads here and it seems that, once clean, a post mortem and the "plan from bleeping computer to keep-it-that-way" are a good way of finding out what you're doing wrong or right. And also, to thank you again for your help.

