Solved Slow startup & page loading - lots of .exes running overtime...

Michael Neal

Posts: 20   +0
Hi. Within the last 10 days I've experienced noticeable slowing at startup and page loading. The logs will reveal all, but I have far more than usual number of exes running maxed-out cpu usage for extended periods. This was made somewhat better by turning off win, real, java, etc. auto updates- all of 'em I could except for Avast. There may be some significance to my switching back to IE after a massive Firefox update about the time this started (there should be an icon for red herrings). Logs wouldn't show it , but I rousted the dust bunnies from processor as well. Here, I hope, are the logs:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.28.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: MICHAEL6MASTER [administrator]
5/28/2012 3:20:32 PM
mbam-log-2012-05-28 (15-20-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226845
Time elapsed: 9 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: eb3c6bf41b3d00f8168e8d6767a1e6d3 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files\Outlook Express\itrci.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
(end)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Michael at 16:01:54 on 2012-05-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1989 [GMT -7:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: BitDefender Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://search.yahoo.com/web?fr=yfp-t-701
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: ebay.com\shiptrack
Trusted Zone: ebay.com\signin
Trusted Zone: live365.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\www.update
Trusted Zone: pb.com\ibdswebp11-ext
Trusted Zone: windowsupdate.com\download
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096585577562
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249583461656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\xnmo7rrc.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-2 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-2 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-2 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-2 44768]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-8-6 111312]
S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\google\update\GoogleUpdate.exe [2009-5-20 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 253088]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-6-25 183880]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 153448]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-3-10 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-20 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 129976]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2008-2-17 56576]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2008-10-8 136832]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2008-2-17 19584]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys --> c:\windows\system32\drivers\vmwvusb.sys [?]
.
=============== Created Last 30 ================
.
2012-05-26 02:10:02 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-05-26 02:09:51 -------- d-----w- c:\program files\Security Task Manager
2012-05-08 21:24:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 21:24:31 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-08 21:24:31 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-02 17:59:33 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-02 17:59:07 41184 ----a-w- c:\windows\avastSS.scr
2012-05-02 17:49:44 -------- d-----w- c:\program files\AVAST Software
2012-05-02 17:49:44 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2012-04-20 22:49:12 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2012-04-20 22:44:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-20 22:44:28 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 18:31:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 18:31:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN23.tmp
2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN22.tmp
2012-04-01 18:31:21 0 ----a-w- c:\windows\system32\REN21.tmp
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2008-11-08 20:48:57 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2008-05-12 18:36:15 29920512 ----a-w- c:\program files\tunebite.exe
2006-08-30 21:12:48 13905464 ----a-w- c:\program files\snagit.exe
2006-03-07 01:34:01 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2005-04-06 22:16:24 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
2004-12-08 05:17:39 2247855 ----a-w- c:\program files\spywareblastersetup.exe
2004-11-22 20:51:57 6792848 ----a-w- c:\program files\modelpressreader.exe
2004-11-22 18:15:59 24632128 ----a-w- c:\program files\modelpresspublisher.exe
.
============= FINISH: 16:03:40.40 ===============

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/30/2004 1:39:53 PM
System Uptime: 5/28/2012 3:32:11 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 237.637 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BDSELFPR\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BDSELFPR\0000
Service:
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BDVEDISK\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BDVEDISK\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Reader 9.1.3
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
AeroFly Professional Deluxe
AeroFly Professional Deluxe AddOn FMT Magazin
AFPD Import Wizard
AGEIA PhysX v2.4.4
AiO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities ZoomBrowser EX
CCleaner
CenturyLink Share and Store v2.2.1.20422
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
CVA MAP Assistance
CVA MAP Spring 10
Dell ResourceCD
DesignPro 5.0 Limited Edition
DivX Codec
DivX Converter
DivX Player
DivX Web Player
European Air War
FMS
Foxit PDF Editor
GIMP 2.4.2
Glary Utilities 2.45.0.1486
Google Earth
Google SketchUp
Google SketchUp 6
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP PSC & OfficeJet 5.3.B
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 31
JumpStart Typing
LEGO® MINDSTORMS® NXT - English Language Pack
LEGO® MINDSTORMS® NXT Driver
LEGO® MINDSTORMS® NXT Software v1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Math Blaster Ages 9-12
Math Blaster PreAlgebra
Maxtor MaxBlast
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
MyConnection PC Lite Edition
Nero - Burning Rom
NVIDIA Windows 2000/XP Display Drivers
NWEA NTE Administration Tool
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.1
Picasa 3
PixiePack Codec Pack
PL-2303 USB-to-Serial
PreReq
QFolder
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Red Baron 3D
Revo Uninstaller 1.93
RollerCoaster Tycoon 2
Rosetta Stone Ltd Services
Safari
Scan
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Sophos Windows Shortcut Exploit Protection Tool
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 4.4
Tile Print
TopWinEn
Turbo Lister 2
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
VisualRoute Lite Edition
VoiceOver Kit
WD Diagnostics
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XFLR5 v2.01
XtremaLog 1.0.1
.
==== Event Viewer Messages From Past Week ========
.
5/25/2012 7:21:36 PM, error: Service Control Manager [7034] - The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2012 5:58:30 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
5/21/2012 5:52:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================
Thankyou.
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================

I still need GMER log.

You're running two AV programs, Avast and BitDefender.
You must uninstall one of them.
Your choice.
 
Thanks for your time. I uninstalled BD, oh, perhaps 2 years ago. I've been removing remenants with several program (revo, BD uninstaller, etc.) removal programs ever since. They all seem to be missing some kernel that allowed them to digest the fragments- I assumed they needed at least the uninstall portion of those programs re-installed to work- so I gave up. There's probably some norton left in there as well. Here's the GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-28 20:25:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e MAXTOR_STM3320620AS rev.3.AAE
Running: s10rebfp.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEAED28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEAED0F9]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEB8AD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-28 20:25:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e MAXTOR_STM3320620AS rev.3.AAE
Running: s10rebfp.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEAED28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEAED0F9]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEB8AD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-28 20:45:47
-----------------------------
20:45:47.921 OS Version: Windows 5.1.2600 Service Pack 3
20:45:47.921 Number of processors: 2 586 0x209
20:45:47.921 ComputerName: MICHAEL6MASTER UserName: Michael
20:45:49.593 Initialize success
20:45:49.750 AVAST engine defs: 12052801
20:46:06.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:46:06.281 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
20:46:06.296 Disk 0 MBR read successfully
20:46:06.296 Disk 0 MBR scan
20:46:06.296 Disk 0 Windows XP default MBR code
20:46:06.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
20:46:06.296 Disk 0 scanning sectors +625137345
20:46:06.343 Disk 0 scanning C:\WINDOWS\system32\drivers
20:46:14.593 Service scanning
20:46:26.062 Modules scanning
20:46:40.781 Disk 0 trace - called modules:
20:46:40.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:46:40.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab87ab8]
20:46:40.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ac08d98]
20:46:41.421 AVAST engine scan C:\WINDOWS
20:46:47.703 AVAST engine scan C:\WINDOWS\system32
20:49:25.812 AVAST engine scan C:\WINDOWS\system32\drivers
20:49:49.718 AVAST engine scan C:\Documents and Settings\Michael
21:18:57.203 AVAST engine scan C:\Documents and Settings\All Users
21:43:46.546 Scan finished successfully
21:44:24.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
21:44:24.687 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-28 20:25:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e MAXTOR_STM3320620AS rev.3.AAE
Running: s10rebfp.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEAED28E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEAED0F9]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEB8AD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-28 20:45:47
-----------------------------
20:45:47.921 OS Version: Windows 5.1.2600 Service Pack 3
20:45:47.921 Number of processors: 2 586 0x209
20:45:47.921 ComputerName: MICHAEL6MASTER UserName: Michael
20:45:49.593 Initialize success
20:45:49.750 AVAST engine defs: 12052801
20:46:06.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:46:06.281 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
20:46:06.296 Disk 0 MBR read successfully
20:46:06.296 Disk 0 MBR scan
20:46:06.296 Disk 0 Windows XP default MBR code
20:46:06.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
20:46:06.296 Disk 0 scanning sectors +625137345
20:46:06.343 Disk 0 scanning C:\WINDOWS\system32\drivers
20:46:14.593 Service scanning
20:46:26.062 Modules scanning
20:46:40.781 Disk 0 trace - called modules:
20:46:40.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:46:40.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab87ab8]
20:46:40.796 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ac08d98]
20:46:41.421 AVAST engine scan C:\WINDOWS
20:46:47.703 AVAST engine scan C:\WINDOWS\system32
20:49:25.812 AVAST engine scan C:\WINDOWS\system32\drivers
20:49:49.718 AVAST engine scan C:\Documents and Settings\Michael
21:18:57.203 AVAST engine scan C:\Documents and Settings\All Users
21:43:46.546 Scan finished successfully
21:44:24.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
21:44:24.687 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

Sorry, called away:


.\debug.cpp(238) : Debug log started at 29.05.2012 - 03:40:18
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00229000 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x80700000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf7607000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7617000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf74c0000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7627000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7637000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf74a0000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf745b000 0x00045000 "bdfsfltr.sys"
.\debug.cpp(256) : 0xf7647000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf7444000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf7417000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf7837000 0x00060000 "timntr.sys"
.\debug.cpp(256) : 0xf7717000 0x00006000 "symlcbrd.sys"
.\debug.cpp(256) : 0xf796b000 0x0001c000 "snapman.sys"
.\debug.cpp(256) : 0xf7951000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7657000 0x0000b000 "agp440.sys"
.\debug.cpp(256) : 0xba1fe000 0x00009000 "\SystemRoot\System32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb845f000 0x00135000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb844b000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf775f000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb8427000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf7767000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xba1ee000 0x0000f000 "\SystemRoot\system32\DRIVERS\IntelC53.sys"
.\debug.cpp(256) : 0xb8404000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb82dd000 0x00127000 "\SystemRoot\system32\DRIVERS\IntelC51.sys"
.\debug.cpp(256) : 0xb8248000 0x00095000 "\SystemRoot\system32\DRIVERS\IntelC52.sys"
.\debug.cpp(256) : 0xf776f000 0x00006000 "\SystemRoot\system32\DRIVERS\mohfilt.sys"
.\debug.cpp(256) : 0xf7777000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb8220000 0x00028000 "\SystemRoot\System32\DRIVERS\e100b325.sys"
.\debug.cpp(256) : 0xf777f000 0x00007000 "\SystemRoot\System32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xba1de000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf7787000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba1ce000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xba685000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb820c000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xba1be000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba1ae000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba19e000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf778f000 0x00006000 "\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xb817e000 0x0008e000 "\SystemRoot\system32\drivers\smwdm.sys"
.\debug.cpp(256) : 0xb815a000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba18e000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf79cd000 0x00002000 "\SystemRoot\system32\drivers\aeaudio.sys"
.\debug.cpp(256) : 0xb8137000 0x00023000 "\SystemRoot\system32\drivers\windrvr6.sys"
.\debug.cpp(256) : 0xf7aa0000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba17e000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba67d000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8120000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf7687000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7697000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb85dc000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb810f000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf76a7000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xb85d4000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xb85cc000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf76b7000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xb85c4000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xb80f5000 0x0001a000 "\SystemRoot\system32\DRIVERS\bdfndisf.sys"
.\debug.cpp(256) : 0xf79cf000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8097000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9bd1000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf76d7000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf76e7000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf79dd000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba6d5000 0x00004000 "\SystemRoot\system32\drivers\MODEMCSA.sys"
.\debug.cpp(256) : 0xb85bc000 0x00005000 "\SystemRoot\System32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xf79e3000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba5c3000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf79e5000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb85ac000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf79e7000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf79e9000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb85a4000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb859c000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba6c1000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xaede6000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xaed8d000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf7587000 0x0000c000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xaed3f000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xaed17000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf7577000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb8594000 0x00007000 "\SystemRoot\System32\Drivers\AswRdr.SYS"
.\debug.cpp(256) : 0xaecf5000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf7567000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xaecca000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xba6a9000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS"
.\debug.cpp(256) : 0xaebba000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xf7547000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xaeb69000 0x00051000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xaeaa7000 0x0009a000 "\SystemRoot\System32\Drivers\aswSnx.SYS"
.\debug.cpp(256) : 0xf77f7000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xf7507000 0x0000b000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xaeb65000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xba7a0000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf77ff000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xaee29000 0x00004000 "\SystemRoot\system32\DRIVERS\usbscan.sys"
.\debug.cpp(256) : 0xaea54000 0x00007000 "\SystemRoot\System32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xaea4c000 0x00006000 "\SystemRoot\system32\DRIVERS\HPZius12.sys"
.\debug.cpp(256) : 0xba720000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xadd31000 0x00021000 "\SystemRoot\system32\DRIVERS\SaiH0461.sys"
.\debug.cpp(256) : 0xba710000 0x0000d000 "\SystemRoot\system32\DRIVERS\HPZid412.sys"
.\debug.cpp(256) : 0xaee1d000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xaee19000 0x00004000 "\SystemRoot\system32\DRIVERS\HPZipr12.sys"
.\debug.cpp(256) : 0xadcf1000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xf7a07000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c7000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xaed7d000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xaea44000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7aa2000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0032f000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbf341000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xad856000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xaea34000 0x00008000 "\SystemRoot\system32\DRIVERS\tifsfilt.sys"
.\debug.cpp(256) : 0xad7e2000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xad664000 0x00016000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xad37f000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xad5d4000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xad2dc000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xf7995000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xac883000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xac73b000 0x00058000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xac984000 0x0000a000 "\SystemRoot\System32\DRIVERS\secdrv.sys"
.\debug.cpp(256) : 0xabed1000 0x00019000 "\??\C:\DOCUME~1\Michael\LOCALS~1\Temp\kxtdikoc.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IntelCatawbaDsp"
.\debug.cpp(400) : Destination "\Device\IntelCatawbaDsp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D2&SUBSYS_01741028&REV_02#3&172e68dd&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{5E04B66B-F5DB-475B-A23C-28892930ED3E}"
.\debug.cpp(400) : Destination "\Device\INTELPRO_{5E04B66B-F5DB-475B-A23C-28892930ED3E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1783a42a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MdmPerfMon2"
.\debug.cpp(400) : Destination "\Device\MdmPerfMon2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EF05428A-FE66-4BAF-B067-5DB83AE2B906}"
.\debug.cpp(400) : Destination "\Device\{EF05428A-FE66-4BAF-B067-5DB83AE2B906}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&32c7f5a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\snapman"
.\debug.cpp(400) : Destination "\Device\snapman"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TIFSFManager"
.\debug.cpp(400) : Destination "\Device\TIFSFManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MOH Intel(R) 537EP V9x DF PCI Modem"
.\debug.cpp(400) : Destination "\Device\MOH Intel(R) 537EP V9x DF PCI Modem"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OMCI"
.\debug.cpp(400) : Destination "\Device\OMCI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{276BCA54-109C-49A8-B418-5091070D7634}"
.\debug.cpp(400) : Destination "\Device\{276BCA54-109C-49A8-B418-5091070D7634}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7AE77076-0421-48E1-98FF-270734CADBA6}"
.\debug.cpp(400) : Destination "\Device\{7AE77076-0421-48E1-98FF-270734CADBA6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{49FB9869-4B01-4C57-B996-737501CD9676}"
.\debug.cpp(400) : Destination "\Device\{49FB9869-4B01-4C57-B996-737501CD9676}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4BBF7B28-39E0-481A-818D-4D5D6BDE518F}"
.\debug.cpp(400) : Destination "\Device\{4BBF7B28-39E0-481A-818D-4D5D6BDE518F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kxtdikoc"
.\debug.cpp(400) : Destination "\Device\kxtdikoc"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Usbscan0"
.\debug.cpp(400) : Destination "\Device\Usbscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0424&Pid_2504#5&118eca50&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\537"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSnx"
.\debug.cpp(400) : Destination "\Device\aswSnx"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&14e44c3b&1&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24DD&SUBSYS_01741028&REV_02#3&172e68dd&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WINDRVR6"
.\debug.cpp(400) : Destination "\Device\WINDRVR6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswWalkStack"
.\debug.cpp(400) : Destination "\Device\aswWalkStack"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c018#6&bd06434&0&4#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1582A9A-BD6A-4190-AC62-8A32284B27EB}"
.\debug.cpp(400) : Destination "\Device\{C1582A9A-BD6A-4190-AC62-8A32284B27EB}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D9E86487-B259-4AB4-A579-F2563C3F8258}"
.\debug.cpp(400) : Destination "\Device\{D9E86487-B259-4AB4-A579-F2563C3F8258}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AcroVBus"
.\debug.cpp(400) : Destination "\Device\AcroVBus"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&271b048a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bdfndisf_Arp"
.\debug.cpp(400) : Destination "\Device\Bdfndisf_Arp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a9961a5-12d7-11d9-843e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature6A7FB14FOffset7E00Length4A85AD0400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5152ab20-4994-11d9-b8ec-000cf1e03ba8}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5E04B66B-F5DB-475B-A23C-28892930ED3E}"
.\debug.cpp(400) : Destination "\Device\{5E04B66B-F5DB-475B-A23C-28892930ED3E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&19e79502&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DsdaFilterStub"
.\debug.cpp(400) : Destination "\Device\DsdaFilterStub"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP_Open"
.\debug.cpp(400) : Destination "\Device\aswSP_Open"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IntelCatawbaAfe"
.\debug.cpp(400) : Destination "\Device\IntelCatawbaAfe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2fa24548&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D7&SUBSYS_01741028&REV_02#3&172e68dd&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D4&SUBSYS_01741028&REV_02#3&172e68dd&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c018#7&326ebf40&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX216E_____________________PD01____#5&33fcab6&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4f11&MI_00#6&1496e74&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\00000067"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7a9961a3-12d7-11d9-843e-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{43E2CB42-4315-4DE4-8051-AFDC4E5E5458}"
.\debug.cpp(400) : Destination "\Device\{43E2CB42-4315-4DE4-8051-AFDC4E5E5458}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX216E_____________________PD01____#5&33fcab6&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Handler"
.\debug.cpp(400) : Destination "\Device\aswSP_Handler"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4f11#CN82TF509004CY#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMAXTOR_STM3320620AS_____________________3.AAE___#5&2fdfe383&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IntelCatawbaSound"
.\debug.cpp(400) : Destination "\Device\IntelCatawbaSound"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Bdfndisf"
.\debug.cpp(400) : Destination "\Device\Bdfndisf"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1080&SUBSYS_10001028&REV_04#4&1c660dd6&0&08F0#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24D5&SUBSYS_01741028&REV_02#3&172e68dd&0&FD#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1506bb2e&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1080&SUBSYS_10001028&REV_04#4&1c660dd6&0&08F0#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SmwdmDev"
.\debug.cpp(400) : Destination "\Device\Smwdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_4f11&MI_01#6&1496e74&0&0001#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Intel(R) 537EP V9x DF PCI Modem"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c018#7&326ebf40&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DOT4#Vid_03f0&Pid_4f11&MI_02&DOT4&PRINT_HPZ#8&280b66be&0&0#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\HPZID412PRINT_HPZ1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24DE&SUBSYS_01741028&REV_02#3&172e68dd&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_BDFNDISFMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX216E_____________________PD01____#5&33fcab6&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_1050&SUBSYS_01741028&REV_02#4&1c660dd6&0&40F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_BDFNDISFMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\symlcbrd"
.\debug.cpp(400) : Destination "\Device\SymantecBiosReader"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-05-29.01 - Michael 05/29/2012 18:05:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1881 [GMT -7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\f7129022-a000-4847-db07-470265a73c4f
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\VCREDI~3.EXE
c:\documents and settings\Michael\System
c:\documents and settings\Michael\System\win_qs7.jqx
c:\documents and settings\Michael\WINDOWS
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-26 02:10 . 2012-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-05-26 02:09 . 2012-05-26 02:09 -------- d-----w- c:\program files\Security Task Manager
2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 21:24 . 2012-05-08 21:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 21:24 . 2012-05-08 21:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 17:59 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-02 17:59 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-02 17:59 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-02 17:59 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-02 17:59 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-02 17:59 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-02 17:59 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-02 17:59 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-02 17:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-02 17:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\program files\AVAST Software
2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 22:49 . 2012-04-20 22:49 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2012-04-20 22:44 . 2012-04-20 22:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 22:44 . 2011-06-28 17:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2003-07-16 20:39 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2003-07-16 20:51 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2002-08-29 01:04 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2009-11-07 00:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 18:31 . 2012-04-01 18:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 18:31 . 2010-06-06 17:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN23.tmp
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN22.tmp
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN21.tmp
2012-03-01 11:01 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2008-11-08 20:48 . 2008-11-08 20:48 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2008-05-12 18:36 . 2008-05-12 18:36 29920512 ----a-w- c:\program files\tunebite.exe
2006-08-30 21:12 . 2006-08-30 21:12 13905464 ----a-w- c:\program files\snagit.exe
2006-03-07 01:34 . 2006-03-07 01:34 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2005-04-06 22:16 . 2005-04-06 22:15 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
2004-12-08 05:17 . 2004-12-08 05:17 2247855 ----a-w- c:\program files\spywareblastersetup.exe
2004-11-22 20:51 . 2004-11-22 20:51 6792848 ----a-w- c:\program files\modelpressreader.exe
2004-11-22 18:15 . 2004-11-22 18:15 24632128 ----a-w- c:\program files\modelpresspublisher.exe
2012-05-08 21:24 . 2011-11-14 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}"
[HKEY_CLASSES_ROOT\CLSID\{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}]
2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{280809E2-EDA4-4DE2-916F-0F281B773538}"
[HKEY_CLASSES_ROOT\CLSID\{280809E2-EDA4-4DE2-916F-0F281B773538}]
2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-17 4800512]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2006-12-26 21:55 40960 ----a-w- c:\windows\NCLAUNCH.EXe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Michael\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2012 10:59 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2012 10:59 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2012 10:59 AM 20696]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/6/2009 4:34 PM 111312]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [10/8/2008 12:36 PM 136832]
S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 3:44 PM 253088]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 153448]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 4:55 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 2:24 PM 129976]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2/17/2008 6:17 PM 56576]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2/17/2008 6:17 PM 19584]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys --> c:\windows\system32\Drivers\vmwvusb.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:44]
.
2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-05-30 c:\windows\Tasks\GlaryInitialize.job
- c:\start menu\Programs\Glary Utilities\initialize.exe [2011-11-04 01:59]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
.
2012-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2012-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: ebay.com\shiptrack
Trusted Zone: ebay.com\signin
Trusted Zone: live365.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\www.update
Trusted Zone: pb.com\ibdswebp11-ext
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime Alternative\qttask.exe
AddRemove-HijackThis - e:\repair kit\Virus Removal\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 18:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-29 18:34:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 01:34
ComboFix2.txt 2009-11-07 00:04
.
Pre-Run: 255,118,319,616 bytes free
Post-Run: 255,773,925,376 bytes free
.
- - End Of File - - 4D685273BF4D1B43FF274BDB432DECE3
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}
{4055920F-2E99-48A8-A270-4243D2B8F242}

DDS::
Trusted Zone: ebay.com\shiptrack
Trusted Zone: ebay.com\signin
Trusted Zone: live365.com\www
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\www.update
Trusted Zone: pb.com\ibdswebp11-ext
Trusted Zone: windowsupdate.com\download

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-05-29.01 - Michael 05/29/2012 19:00:23.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2020 [GMT -7:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\Security Maintenance\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-26 02:10 . 2012-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-05-26 02:09 . 2012-05-26 02:09 -------- d-----w- c:\program files\Security Task Manager
2012-05-08 21:24 . 2012-05-08 21:24 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 21:24 . 2012-05-08 21:24 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 21:24 . 2012-05-08 21:24 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-02 17:59 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-02 17:59 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-02 17:59 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-02 17:59 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-02 17:59 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-02 17:59 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-02 17:59 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-02 17:59 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-02 17:59 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-02 17:59 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\program files\AVAST Software
2012-05-02 17:49 . 2012-05-02 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 22:49 . 2012-04-20 22:49 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys.upd
2012-04-20 22:44 . 2012-04-20 22:44 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 22:44 . 2011-06-28 17:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2003-07-16 20:39 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2003-07-16 20:51 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2002-08-29 01:04 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2009-11-07 00:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 18:31 . 2012-04-01 18:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 18:31 . 2010-06-06 17:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN23.tmp
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN22.tmp
2012-04-01 18:31 . 2012-04-01 18:31 0 ----a-w- c:\windows\system32\REN21.tmp
2012-03-01 11:01 . 2003-07-16 20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2003-07-16 20:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2003-07-16 20:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2008-11-08 20:48 . 2008-11-08 20:48 27024112 ----a-w- c:\program files\PowerPointViewer.exe
2008-05-12 18:36 . 2008-05-12 18:36 29920512 ----a-w- c:\program files\tunebite.exe
2006-08-30 21:12 . 2006-08-30 21:12 13905464 ----a-w- c:\program files\snagit.exe
2006-03-07 01:34 . 2006-03-07 01:34 2566736 ----a-w- c:\program files\spywareblastersetup351.exe
2005-04-06 22:16 . 2005-04-06 22:15 2513056 ----a-w- c:\program files\spywareblastersetup33.exe
2004-12-08 05:17 . 2004-12-08 05:17 2247855 ----a-w- c:\program files\spywareblastersetup.exe
2004-11-22 20:51 . 2004-11-22 20:51 6792848 ----a-w- c:\program files\modelpressreader.exe
2004-11-22 18:15 . 2004-11-22 18:15 24632128 ----a-w- c:\program files\modelpresspublisher.exe
2012-05-08 21:24 . 2011-11-14 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}"
[HKEY_CLASSES_ROOT\CLSID\{E85A1ED4-8717-4EA5-ADAD-1D498B9DA370}]
2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{280809E2-EDA4-4DE2-916F-0F281B773538}"
[HKEY_CLASSES_ROOT\CLSID\{280809E2-EDA4-4DE2-916F-0F281B773538}]
2010-06-16 22:18 2378632 ----a-w- c:\program files\CenturyLink Share and Store\AGSIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-17 4800512]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 12:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
2006-12-26 21:55 40960 ----a-w- c:\windows\NCLAUNCH.EXe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Documents and Settings\\Michael\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2012 10:59 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2012 10:59 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2012 10:59 AM 20696]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/6/2009 4:34 PM 111312]
R3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [10/8/2008 12:36 PM 136832]
S2 gupdate1c9d97b56fbbab4;Google Update Service (gupdate1c9d97b56fbbab4);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 3:44 PM 253088]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [6/25/2009 4:04 PM 183880]
S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [6/29/2009 2:12 PM 153448]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 4:55 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/20/2009 11:46 AM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/8/2012 2:24 PM 129976]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2/17/2008 6:17 PM 56576]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2/17/2008 6:17 PM 19584]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys --> c:\windows\system32\Drivers\vmwvusb.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:44]
.
2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-05-30 c:\windows\Tasks\GlaryInitialize.job
- c:\start menu\Programs\Glary Utilities\initialize.exe [2011-11-04 01:59]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 18:46]
.
2012-05-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2012-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-29 19:15:35
ComboFix-quarantined-files.txt 2012-05-30 02:15
ComboFix2.txt 2012-05-30 01:34
ComboFix3.txt 2009-11-07 00:04
.
Pre-Run: 255,760,076,800 bytes free
Post-Run: 255,739,625,472 bytes free
.
- - End Of File - - 52C20F801CA504955960488A787A9C6C
 
Looks good.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 5/29/2012 7:50:21 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.87% Memory free
3.09 Gb Paging File | 2.81 Gb Available in Paging File | 90.87% Paging File free
Paging file location(s): C:\pagefile.sys 756 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 238.22 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

Computer Name: MICHAEL6MASTER | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/29 12:01:16 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/29 10:59:52 | 001,763,328 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052901\algo.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/03 09:46:01 | 000,094,720 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2010\framework.dll
MOD - [2009/01/15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/08 14:24:31 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 15:44:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2010/04/01 11:40:51 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/11/03 09:45:04 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2009/07/14 14:36:00 | 000,066,056 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008/07/29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 17:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 17:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\vmwvusb.sys -- (vmwvusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/04 10:16:53 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/04 10:16:44 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/02/26 11:57:10 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/09/22 09:51:26 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/08/25 13:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/04/13 12:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 11:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 11:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 11:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 11:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/03/26 11:47:30 | 000,136,832 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SaiH0461.sys -- (SaiH0461)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/02/11 19:31:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/12/05 11:12:23 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2007/12/05 11:12:23 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/05 11:12:15 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2006/08/14 03:52:49 | 000,035,328 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/08/14 03:52:44 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2006/03/10 16:55:18 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2004/07/26 12:54:48 | 000,056,576 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0109.sys -- (SaiH0109)
DRV - [2004/07/26 12:54:24 | 000,019,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU0109.sys -- (SaiU0109)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/08/10 14:17:58 | 000,256,568 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2003/07/16 13:27:04 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/07/16 13:25:07 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/07/16 13:23:47 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes,DefaultScope = {E61188EB-9D0E-4B77-A474-FA1AD3768641}
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{9052741B-A5DA-474C-AFAE-F0BF43879692}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{D449E059-9CF2-42C9-A537-CE9E710470FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{D7B76925-83F6-4F4C-9524-EDDC212AD7DE}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{E598C113-004C-4A3C-A1C8-F3BED563F7D2}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\SearchScopes\{E61188EB-9D0E-4B77-A474-FA1AD3768641}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=FP-tab-web-t340&ei=UTF-8&meta=vc=
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/29 12:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/02 10:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/08 14:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/14 09:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2012/05/25 19:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\extensions
[2012/05/09 14:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\xnmo7rrc.default\extensions\staged
[2012/05/08 14:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICHAEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XNMO7RRC.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM
[2012/05/02 10:59:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/01 11:31:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/05/08 14:24:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/10 22:46:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/10 22:46:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/29 18:23:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096585577562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249583461656 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E04B66B-F5DB-475B-A23C-28892930ED3E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/30 13:35:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: VIDC.JDCT - jl_jdct.drv File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/29 19:47:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/05/29 18:01:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/29 18:01:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/29 18:01:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/29 17:30:46 | 004,530,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/05/25 20:39:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2012/05/25 19:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/05/25 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/05/25 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/05/08 14:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/08 14:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/02 10:59:35 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/02 10:59:35 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/02 10:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/02 10:59:34 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/02 10:59:34 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/02 10:59:33 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/02 10:59:33 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/02 10:59:33 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/02 10:59:32 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/02 10:59:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/02 10:59:06 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/02 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/02 10:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/29 19:50:19 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
[2012/05/29 19:50:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
[2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/05/29 19:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 19:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/29 18:23:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/29 18:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 18:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/29 18:00:05 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/05/29 15:52:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/29 15:04:24 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Virus and Malware Removal - TechSpot Forums.url
[2012/05/29 15:04:08 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Windows Error Reporting.url
[2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job
[2012/05/28 16:45:13 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Office Outlook 2003 (2).lnk
[2012/05/28 11:17:20 | 000,005,050 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\How to Clear a Used iPad eHow.com.url
[2012/05/27 20:48:52 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Google.url
[2012/05/27 20:25:40 | 000,000,249 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Yahoo! Search - Web Search.url
[2012/05/27 11:49:53 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\eBay Search Advanced Search.url
[2012/05/25 19:19:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/05/25 18:40:22 | 000,000,238 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\craigslist portland, OR classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2012/05/25 12:56:54 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Everything You Need To Know About Wireless Bridging and Repeating - Part 1 WDS - Ex. 1 Bridge w-WDS enabled router - SmallNetBuilder.url
[2012/05/24 17:31:40 | 000,016,108 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Thumbs.ini
[2012/05/24 10:40:23 | 000,002,704 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\CFL bulbs - Page 2 - Digital Grin Photography Forum.url
[2012/05/23 21:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/22 14:58:32 | 000,000,341 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Gorge Net Classifieds.url
[2012/05/21 21:00:26 | 000,017,156 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\My eBay Selling Items I'm Selling.url
[2012/05/21 09:34:36 | 000,001,781 | ---- | M] () -- C:\Custom.dic
[2012/05/18 20:27:18 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\4T65E Do-It-Yourself Shift Kit Instructions and Install Guide.url
[2012/05/13 11:12:11 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/05/13 11:12:10 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/13 11:12:10 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/11 11:53:46 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 21:29:49 | 000,000,822 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/02 10:59:33 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/29 15:04:08 | 000,000,519 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Windows Error Reporting.url
[2012/05/28 17:47:27 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Virus and Malware Removal - TechSpot Forums.url
[2012/05/28 11:17:20 | 000,005,050 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\How to Clear a Used iPad eHow.com.url
[2012/05/27 20:41:12 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
[2012/05/25 12:56:54 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Everything You Need To Know About Wireless Bridging and Repeating - Part 1 WDS - Ex. 1 Bridge w-WDS enabled router - SmallNetBuilder.url
[2012/05/24 10:40:23 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\CFL bulbs - Page 2 - Digital Grin Photography Forum.url
[2012/05/18 20:27:18 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\4T65E Do-It-Yourself Shift Kit Instructions and Install Guide.url
[2012/05/09 21:22:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/15 15:08:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 17:08:25 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/01/04 17:08:25 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/11/28 03:06:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oaukdi.sys
[2010/07/27 15:28:19 | 000,000,185 | ---- | C] () -- C:\WINDOWS\System32\msblcd32.dll

========== LOP Check ==========

[2007/12/04 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/11/17 11:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/05/02 10:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/09/12 07:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/12/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/05/20 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2010/01/31 19:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/01/04 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/01/02 11:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2006/03/25 20:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2008/05/12 11:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/09/22 13:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/02/17 18:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Saitek
[2012/05/25 19:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/09/20 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Share and Store
[2007/10/06 23:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/08/30 14:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/02 09:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 09:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/24 09:51:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2008/10/06 15:48:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2009/08/14 16:33:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A2AEA530-E10C-4267-AF8E-5F478C1AC8FD}
[2011/09/09 14:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2011/05/04 17:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2007/12/04 18:40:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Acronis
[2010/07/21 15:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\AMS
[2009/08/18 11:22:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\BitDefender
[2009/12/22 12:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/07 19:33:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\CoreFTP
[2005/02/09 11:18:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\CyberScrub
[2012/05/28 11:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GlarySoft
[2011/10/22 19:25:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2007/11/26 00:33:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Jasc
[2008/10/02 10:02:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2010/09/09 11:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2009/10/29 23:20:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Registry Mechanic
[2008/05/12 11:52:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\RTPlayer
[2006/11/05 22:49:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\SmartDraw
[2009/07/25 21:11:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\System Tweaker
[2011/05/03 12:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Temp
[2010/03/22 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TestTaker
[2012/04/26 15:32:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\ThumbsPlus
[2009/01/18 14:54:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Tunebite
[2008/11/29 23:41:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Uniblue
[2005/07/12 08:57:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\WeatherBug
[2008/10/07 13:49:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/09/16 18:55:34 | 000,000,035 | ---- | M] () -- C:\aa.txt
[1997/06/10 17:42:38 | 000,434,176 | ---- | M] () -- C:\ADL.DLL
[1997/06/10 17:42:38 | 000,008,611 | ---- | M] () -- C:\ADL_MSGS.ENG
[2009/08/07 10:04:47 | 000,000,016 | ---- | M] () -- C:\asdict.dat
[2004/09/30 13:35:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/18 11:06:25 | 012,783,765 | ---- | M] () -- C:\BdUninstallTool2009.08.18-11.04.22.log
[2009/08/18 11:06:25 | 000,312,744 | ---- | M] () -- C:\BdUninstallTool2009.08.18-11.04.22.reg
[2009/09/11 20:50:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/05/25 19:19:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2012/05/29 19:15:36 | 000,014,689 | ---- | M] () -- C:\ComboFix.txt
[2004/09/30 13:35:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/05/21 09:34:36 | 000,001,781 | ---- | M] () -- C:\Custom.dic
[2012/05/15 14:14:41 | 006,453,368 | ---- | M] () -- C:\immudebug.log
[2009/08/08 13:37:18 | 000,000,437 | ---- | M] () -- C:\InstallHelper.log
[2004/09/30 13:35:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/07 12:11:36 | 000,011,744 | ---- | M] () -- C:\JavaRa.log
[1997/06/10 17:42:40 | 000,216,721 | ---- | M] () -- C:\LGSAPI.DLL
[1997/06/10 17:42:40 | 000,139,392 | ---- | M] () -- C:\LGSAUDIO.DLL
[1997/06/10 17:42:40 | 000,324,592 | ---- | M] () -- C:\LGSGRAPH.DLL
[1997/06/10 17:42:42 | 000,463,232 | ---- | M] () -- C:\LGSINTER.DLL
[1997/06/10 17:42:42 | 000,202,201 | ---- | M] () -- C:\LGSIOBJS.DLL
[1997/06/10 17:42:44 | 000,357,474 | ---- | M] () -- C:\LGSKERNL.DLL
[1997/06/10 17:42:44 | 000,096,448 | ---- | M] () -- C:\LGSMDBW.DLL
[1997/06/10 17:42:44 | 000,115,440 | ---- | M] () -- C:\LGSMMDB.DLL
[1997/06/10 17:42:46 | 000,391,472 | ---- | M] () -- C:\LGSTEXT.DLL
[2009/01/18 14:54:13 | 000,002,093 | ---- | M] () -- C:\Log.txt
[2004/09/30 13:35:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[1997/06/04 10:22:46 | 000,000,329 | ---- | M] () -- C:\MSREG.INI
[1997/06/17 12:14:32 | 000,013,024 | ---- | M] () -- C:\MSREG16.DLL
[1997/06/16 02:02:00 | 000,012,640 | ---- | M] () -- C:\MSRUN16.EXE
[1997/06/23 16:34:24 | 000,484,512 | ---- | M] () -- C:\NGMAG.EXE
[2004/09/30 18:43:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/16 16:10:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/05/29 18:20:33 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[1997/06/10 17:42:46 | 000,093,184 | ---- | M] (Pegasus Imaging Corp.) -- C:\PICN1113.DLL
[1997/06/10 17:42:46 | 000,049,240 | ---- | M] (Pegasus Imaging Corp.) -- C:\PICW13.DLL
[2007/04/04 08:57:52 | 000,000,207 | ---- | M] () -- C:\quicklaunch_log_.txt
[2009/06/30 11:16:33 | 000,001,825 | ---- | M] () -- C:\radio365Quicklaunch.txt
[1997/06/11 11:01:32 | 000,013,384 | ---- | M] () -- C:\README.TXT
[2010/09/09 11:19:25 | 000,005,875 | ---- | M] () -- C:\scramble.log
[2004/10/01 14:28:01 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2007/10/19 06:29:34 | 000,002,170 | ---- | M] () -- C:\smbios.bin
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/09/30 13:35:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2006/07/26 16:07:58 | 000,598,016 | ---- | M] () -- C:\WINDOWS\JZRPA.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2007/04/26 18:52:32 | 000,034,780 | ---- | M] () -- C:\Program Files\about.htm
[2007/01/09 15:28:54 | 000,123,016 | ---- | M] () -- C:\Program Files\appendx.htm
[2004/11/22 11:15:59 | 024,632,128 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\modelpresspublisher.exe
[2004/11/22 13:51:57 | 006,792,848 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\modelpressreader.exe
[2008/11/08 13:48:57 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[1998/10/18 19:10:08 | 000,027,987 | ---- | M] () -- C:\Program Files\readme.rtf
[2006/11/17 12:18:32 | 000,003,774 | ---- | M] () -- C:\Program Files\rotating.htm
[2006/12/21 17:58:32 | 000,043,486 | ---- | M] () -- C:\Program Files\setup.htm
[2006/08/30 14:12:48 | 013,905,464 | ---- | M] () -- C:\Program Files\snagit.exe
[2006/11/17 12:18:54 | 000,020,903 | ---- | M] () -- C:\Program Files\solve.htm
[2004/12/07 22:17:39 | 002,247,855 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup.exe
[2005/04/06 15:16:24 | 002,513,056 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup33.exe
[2006/03/06 18:34:01 | 002,566,736 | ---- | M] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup351.exe
[2006/11/17 12:18:58 | 000,005,832 | ---- | M] () -- C:\Program Files\stand.htm
[2008/05/12 11:36:15 | 029,920,512 | ---- | M] (RapidSolution Software AG) -- C:\Program Files\tunebite.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/09/30 05:54:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/09/30 05:54:41 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/09/30 05:54:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/16 16:19:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2004/09/30 18:58:43 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/09/30 13:44:35 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/05/29 18:00:05 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/05/29 19:48:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/04/25 16:24:24 | 018,327,145 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\thmpls70sp12230.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/29 19:39:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/23 21:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2003/07/16 13:36:49 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/05/29 18:23:06 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/29 18:23:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/29 19:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/29 19:50:19 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1604221776-839522115-1004.job
[2012/05/29 19:50:19 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1604221776-839522115-1004.job
[2012/05/29 19:15:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/05/29 13:13:07 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{18CA7A4C-C8FA-40CF-BD16-8F62E59A9A2A}.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/01/04 13:45:41 | 004,698,400 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\vrle.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/09/30 18:58:43 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Michael\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/05/29 19:50:14 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Michael\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/07/16 13:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/07/16 13:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/07/16 13:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/07/16 13:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-11 14:16:14

< >

< >

========== Files - Unicode (All) ==========
[2011/05/20 21:33:38 | 000,000,416 | ---- | M] ()(C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow?.url) -- C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow�.url
[2011/05/20 21:33:38 | 000,000,416 | ---- | C] ()(C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow?.url) -- C:\Documents and Settings\Michael\Desktop\Get Cash For Men's Gold Rings GoldFellow�.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Log.txt:SummaryInformation
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    MOD - [2009/11/03 09:46:01 | 000,094,720 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2010\framework.dll
    MOD - [2009/01/15 13:45:34 | 000,181,248 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll
    SRV - [2011/03/08 11:23:35 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2010/04/01 11:40:51 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2009/11/03 09:45:04 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
    DRV - [2010/05/04 10:16:53 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/05/04 10:16:44 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
    DRV - [2010/02/26 11:57:10 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2009/09/22 09:51:26 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2009/07/24 12:26:08 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2009/05/07 04:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2008/02/11 19:31:12 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O15 - HKU\S-1-5-21-854245398-1604221776-839522115-1004\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    [2011/11/28 03:06:53 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oaukdi.sys
    [2010/12/26 11:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2009/08/18 11:22:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\BitDefender
    [2009/10/29 23:20:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Michael\Application Data\Registry Mechanic
    @Alternate Data Stream - 88 bytes -> C:\Log.txt:SummaryInformation
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\BitDefender
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
After running OTL And getting the log, I cant get online. Repeated restarts and router and adapter reboots have no effect. Repair connection says it cant query the TCP/IP settings.
 
OTL Extras logfile created on: 5/29/2012 7:50:21 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.87% Memory free
3.09 Gb Paging File | 2.81 Gb Available in Paging File | 90.87% Paging File free
Paging file location(s): C:\pagefile.sys 756 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 238.22 Gb Free Space | 79.91% Space Free | Partition Type: NTFS

Computer Name: MICHAEL6MASTER | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Michael\Application Data\Macromedia\Flash Player\" = C:\Documents and Settings\Michael\Application Data\Macromedia\Flash Player\:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe" = C:\Program Files\LogMeIn Rescue Calling Card\CallingCard.exe:*:Disabled:LogMeIn Rescue Calling Card -- (LogMeIn, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{06EA5F57-9903-40A5-9DA3-1841ABC81E6F}" = CVA MAP Assistance
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14F5F230-BE3A-4b06-A022-2DF20F9010FE}_is1" = CenturyLink Share and Store v2.2.1.20422
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E4153AF-3D74-4062-8812-B1FDCE6B1F37}" = LEGO® MINDSTORMS® NXT - English Language Pack
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{4246326C-E861-43CA-B47D-2357454385F9}" = LEGO® MINDSTORMS® NXT Software v1.0
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{54171711-61B7-4B0E-A209-12FF5B3BD183}" = Sophos Windows Shortcut Exploit Protection Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B99E9D4E-5C08-4EAC-A2F0-24AEEBDE76FB}" = NWEA NTE Administration Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C603C9F2-0600-4D6F-A669-7B2B63AF14D6}" = AeroFly Professional Deluxe AddOn FMT Magazin
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E14D4E88-DBBF-4AEE-A8EB-C4744E95EEEA}" = LEGO® MINDSTORMS® NXT Driver
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EAFE958E-7922-4E92-B0DC-369E5938D41C}" = AFPD Import Wizard
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"European Air War" = European Air War
"FMS" = FMS
"Foxit PDF Editor" = Foxit PDF Editor
"Glary Utilities_is1" = Glary Utilities 2.45.0.1486
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"JumpStart Typing" = JumpStart Typing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Math Blaster Ages 9-12" = Math Blaster Ages 9-12
"Math Blaster PreAlgebra" = Math Blaster PreAlgebra
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyConnection PC Lite Edition" = MyConnection PC Lite Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"Red Baron 3D" = Red Baron 3D
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.93
"Security Task Manager" = Security Task Manager 1.8d
"SpywareBlaster_is1" = SpywareBlaster 4.4
"ST6UNST #1" = Tile Print
"System Tweaker_is1" = Uniblue System Tweaker
"TopWinEn" = TopWinEn
"VisualRoute Lite Edition" = VisualRoute Lite Edition
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XFLR5_is1" = XFLR5 v2.01
"XtremaLog_is1" = XtremaLog 1.0.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CVA MAP Spring 10" = CVA MAP Spring 10
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2012 8:57:36 PM | Computer Name = MICHAEL6MASTER | Source = Application Error | ID = 1001
Description = Fault bucket 1993019161.

Error - 5/22/2012 12:04:21 PM | Computer Name = MICHAEL6MASTER | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8326.0, stamp 4c1c2372,
faulting module mso.dll, version 11.0.8341.0, stamp 4e29b116, debug? 0, fault address
0x000035e0.

Error - 5/22/2012 7:27:54 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/22/2012 7:27:59 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/25/2012 9:27:30 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2012 9:27:40 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/27/2012 11:37:15 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2012 11:37:20 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/29/2012 4:48:34 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/29/2012 5:57:02 PM | Computer Name = MICHAEL6MASTER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 5/29/2012 12:01:34 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:01:45 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:01:52 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:02:04 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:02:06 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:02:06 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 5/29/2012 12:02:08 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:02:10 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 12:17:56 AM | Computer Name = MICHAEL6MASTER | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/29/2012 2:59:52 PM | Computer Name = MICHAEL6MASTER | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
 
All processes killed
========== OTL ==========
Process livesrv.exe killed successfully!
Service LIVESRV stopped successfully!
Service LIVESRV deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe moved successfully.
Service scan stopped successfully!
Service scan deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll moved successfully.
Service Arrakis3 stopped successfully!
Service Arrakis3 deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe moved successfully.
Service bdftdif stopped successfully!
Service bdftdif deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys moved successfully.
Error: Unable to stop service Bdfndisf!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bdfndisf deleted successfully.
C:\WINDOWS\system32\drivers\bdfndisf.sys moved successfully.
Service bdfm stopped successfully!
Service bdfm deleted successfully!
C:\WINDOWS\system32\drivers\bdfm.sys moved successfully.
Service Profos stopped successfully!
Service Profos deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys moved successfully.
Error: Unable to stop service bdfsfltr!
Unable to delete service\driver key bdfsfltr.
File move failed. C:\WINDOWS\system32\drivers\bdfsfltr.sys scheduled to be moved on reboot.
Service Trufos stopped successfully!
Service Trufos deleted successfully!
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys moved successfully.
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-854245398-1604221776-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\system32\drivers\oaukdi.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender\DTrace folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BitDefender folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\my_documents folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\device_detection folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs\contextual folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles\Logs folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop\Profiles folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender\Desktop folder moved successfully.
C:\Documents and Settings\Michael\Application Data\BitDefender folder moved successfully.
C:\Documents and Settings\Michael\Application Data\Registry Mechanic folder moved successfully.
ADS C:\Log.txt:SummaryInformation deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Common Files\BitDefender\Setup Information\{E182458E-5796-4736-97A3-3EEC01D1D2D6} folder moved successfully.
C:\Program Files\Common Files\BitDefender\Setup Information folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Update Service folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16144\Plugins folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16144 folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16143\Plugins folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\av32bit_16143 folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Firewall folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\www folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\tmp folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\log folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache\en\default folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache\en folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache\ui-cache folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var\cache folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\var folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\etc folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin folder moved successfully.
C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server folder moved successfully.
C:\Program Files\Common Files\BitDefender folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: Michael
->Temp folder emptied: 13246471 bytes
->Temporary Internet Files folder emptied: 26456181 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49708531 bytes
->Flash cache emptied: 959386 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65603 bytes

%systemdrive% .tmp files removed: 125 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Guest

User: LocalService

User: Michael
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.44.0 log created on 05292012_204432
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\bdfsfltr.sys scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Michael\Local Settings\Temp\fla1F.tmp not found!
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\dpsync[1].html moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\dpsync[2].html moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\W0AC46OO\slow-startup-page-loading-lots-of-exes-running-overtime[1].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\TLDJEPCX\videoplayback[1].flv moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\QF4GF7W3\load[1].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\dpsync[1].html moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\PugTracker[1].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\PFD19GJ0\up[1].html moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
Registry entries deleted on Reboot...
 
I'm online with the bad computer again, without going back to a restore point. Did the java update- I never saw any foist to uncheck. Removed the old iterations. Somehow my post are out of the order I uploaded them in, having had to split up the logs. This computer is still reluctant to move from one task to the next. Security check, farbar,etc. are next,...:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
Spybot - Search & Destroy
CCleaner
JavaFX 2.1.0
Java(TM) 6 Update 31
Java(TM) 7 Update 4
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


Farbar Service Scanner Version: 27-05-2012
Ran by Michael (administrator) on 29-05-2012 at 23:58:25
Running from "C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\2OEDB294"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****
 
Startup took a long time this morning. Internet connectivity icons are missing fron the tray but I can connect. TFT and ECT went badly. TFT did its own very lengthy restart and never reported and I had to make avast allow it to run normally. ECT encountered a "2002 error". I closed down to await feedback on re-running whatever needs it.
 
Uninstall:
JavaFX 2.1.0
Java(TM) 6 Update 31
Java 2 Runtime Environment, SE v1.4.2_03

Try to run TFC from safe mode.

What exactly happened with Eset scan?
 
Java Update won't remove- "fatal error". Java Runtime won't remove- "error applying transforms-verify specified paths are valid". The control panel took several tries to open up.
Re Eset scan- Iclicked OK on the error msg.- the whole thing went away. I shut down.
I will try to run TFC again.
 
Eset has been running in Firefox for about 80min. with 38 percent done in step 3. Avast enabled itself, despite being "permeanently disabled" a few mins ago. I re-disabled it. TFC appearently did its job last night as it only removed a few megs this morn.
 
Lest I forget- and my own memory is corrupt and was never much better than an 8bit Commodore to begin with- I back up to an eBook via Acronis whenever something significant happens on this computer. Do I need to wipe that and start over once we're clean? I looked at some other treads here and it seems that, once clean, a post mortem and, the "plan from bleeping computer to keep-it -that-way", are a good way of finding out what you're doing wrong or right. And also, to thank you again for your help
 
Back