TechSpot

Very high processor usage, computer generally running slowly

By Ant1508
Jun 7, 2012
  1. My computer has recently been running at very high processor usage, around 40% even when idle. Having dug around in Task Manager, this appears to be due to a few running svchost.exe processes, one of which in particular has very high processor usage. This particular process is associated with the services 'Power', 'Plug and Play' and 'DCOM Server Process Launcher'. I am as yet unsure whether this is due to any sort of malware, being relatively naive in such matters; however, a quick Google does seem to indicate that this sort of thing may be a sign of malware. Anywho, here are the initial logs for your inspection. Cheers in advance.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.07.04

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    User :: ANT [administrator]

    07/06/2012 14:23:57
    mbam-log-2012-06-07 (14-23-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207300
    Time elapsed: 25 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-07 16:57:58
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HM160JI rev.AD100-16
    Running: o0vd6m56.exe; Driver: C:\Users\User\AppData\Local\Temp\pxldrpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82E45599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E6A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text c:\program files\real\realplayer\update\realsched.exe[1220] kernel32.dll!SetUnhandledExceptionFilter 762330E2 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[2284] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2284] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2284] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2284] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7415a1
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7415a1@0021fea2492e 0x15 0x39 0x35 0xBB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7415a1@00076188b526 0x22 0x4F 0x9A 0xFA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b7415a1@70d4f2b46454 0x20 0x33 0x66 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7415a1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7415a1@0021fea2492e 0x15 0x39 0x35 0xBB ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7415a1@00076188b526 0x22 0x4F 0x9A 0xFA ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b7415a1@70d4f2b46454 0x20 0x33 0x66 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----





    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by User at 17:05:05 on 2012-06-07
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.905 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    c:\program files\real\realplayer\update\realsched.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Codecv Class: {a5175421-7152-44a5-a93f-a8e2c645798d} - c:\programdata\codecv\bhoclass.dll
    BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ShowBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show
    uRun: [<NO NAME>]
    uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\user\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{50E0CC89-7DEB-4502-B681-550D0F724DC9} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CBA32AA8-ABD4-4FD6-879D-E4597CE8FAB2} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CBA32AA8-ABD4-4FD6-879D-E4597CE8FAB2}\244584572633D245536364 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{CBA32AA8-ABD4-4FD6-879D-E4597CE8FAB2}\35B4959303737343 : DhcpNameServer = 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\cjbv8i71.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
    FF - user.js: extensions.funmoods_i.id - 9c73c614000000000000001a6b7415a1
    FF - user.js: extensions.funmoods_i.instlDay - 15446
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.219:28:13
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - bf4
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 257696]
    .
    =============== Created Last 30 ================
    .
    2012-06-07 16:03:39 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adbf98bc-1c28-4c9a-9958-69bcfa4ad890}\offreg.dll
    2012-06-07 15:58:19 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{adbf98bc-1c28-4c9a-9958-69bcfa4ad890}\mpengine.dll
    2012-06-05 13:55:03 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-05-26 11:39:51 113120 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-05-26 11:39:50 157600 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-26 11:39:49 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-05-26 11:39:49 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-05-20 00:18:54 624608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-05-20 00:18:54 43488 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2012-05-17 22:48:30 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-05-17 22:48:29 829920 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2012-05-17 22:48:29 79840 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2012-05-17 22:48:29 418784 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2012-05-17 22:48:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2012-05-17 22:48:29 2042848 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2012-05-17 22:48:29 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2012-05-17 22:48:29 16352 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2012-05-17 15:48:19 -------- d-----w- c:\program files\Oracle
    2012-05-17 15:47:14 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-05-04 21:02:02 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 21:02:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 17:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-02 02:43:16 2342400 ----a-w- c:\windows\system32\win32k.sys
    2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-03-20 19:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-17 07:20:17 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
    .
    ============= FINISH: 17:12:17.28 ===============
     
  2. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/12/2009 18:19:43
    System Uptime: 06/06/2012 05:15:20 (36 hours ago)
    .
    Motherboard: Wistron | | 30CD
    Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | U2E1 | 792/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 47.02 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP663: 17/05/2012 08:54:06 - Windows Update
    RP664: 17/05/2012 16:44:57 - Installed Java(TM) 7 Update 4
    RP665: 17/05/2012 16:47:55 - Installed JavaFX 2.1.0
    RP666: 18/05/2012 18:11:36 - Windows Update
    RP667: 19/05/2012 19:33:58 - Windows Update
    RP668: 20/05/2012 22:16:54 - Windows Update
    RP669: 22/05/2012 07:21:01 - Windows Update
    RP670: 22/05/2012 14:13:23 - Windows Update
    RP671: 23/05/2012 17:28:16 - Windows Update
    RP672: 24/05/2012 21:45:19 - Windows Update
    RP673: 25/05/2012 22:30:59 - Windows Update
    RP674: 26/05/2012 23:16:34 - Windows Update
    RP675: 28/05/2012 08:00:24 - Windows Update
    RP676: 29/05/2012 09:46:13 - Windows Update
    RP677: 30/05/2012 10:05:47 - Windows Update
    RP678: 31/05/2012 10:38:02 - Windows Update
    RP679: 01/06/2012 16:00:55 - Windows Update
    RP680: 02/06/2012 16:26:04 - Windows Update
    RP681: 03/06/2012 23:18:53 - Windows Update
    RP682: 05/06/2012 09:57:07 - Windows Update
    RP683: 05/06/2012 10:09:03 - Windows Update
    RP684: 05/06/2012 14:53:17 - Windows Update
    RP685: 06/06/2012 18:12:00 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    50 FREE MP3s +1 Free Audiobook!
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    allTunes
    ALPS Touch Pad Driver
    ArcSoft WebCam Companion 3
    Ask Toolbar
    Audacity 1.2.6
    Audiosurf Beta
    AuthenTec TrueSuite
    AviSynth 2.5
    BatteryBar (remove only)
    Battlefield 2(TM)
    Battlefield 2: Special Forces
    BearShare
    BitTorrent
    Codecv
    Conexant HD Audio
    Cossacks - Back To War
    D3DX10
    DigiTech RP150 Drivers
    DigiTech X-Edit 2.4.1
    Dropbox
    DVD Shrink 3.2
    EPSON SX210 Series Printer Uninstall
    Eusing Free Registry Cleaner
    Feedback Tool
    FileHippo.com Update Checker
    Foxit Reader
    Fraps
    Free 3GP Video Converter version 3.2
    Free Audio CD Burner version 1.4.7
    Free M4a to MP3 Converter 6.2
    Free Video to iPod Converter version 3.2
    Free YouTube to MP3 Converter version 3.9.35.324
    GIF Viewer 3.3
    Half-Life 2
    HammerHead Rhythm Station
    HDAUDIO Soft Data Fax Modem with SmartCP
    HP Product Detection
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Keyboard Music 2.4
    LAME v3.98.3 for Audacity
    Malwarebytes Anti-Malware version 1.61.0.1400
    MathType 6
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC100_CRT_SP1_x86
    MiKTeX 2.9
    Mozilla Firefox 13.0 (x86 en-US)
    MS Access 97 SP2
    MSVC80_x86_v2
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    No One Lives Forever 2
    Nokia Connectivity Cable Driver
    Nokia Suite
    OGA Notifier 2.0.0048.0
    Origin8
    OriginPro 8
    PC Connectivity Solution
    PianoFX STUDIO 4.0
    Programmer's Notepad 2
    PSP Video 9 5.03
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RollerCoaster Tycoon 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Shockwave
    Sid Meier's Alpha Centauri
    Sid Meier's Alpha Centauri 2000/XP Compatibility Update
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 Complete
    SimCity 3000 UK Edition
    Skype web features
    Skype™ 4.1
    Spotify
    Steam
    System Requirements Lab for Intel
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VirtualCloneDrive
    Webcam Capture
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    WinSCP 4.2.9
    Xming 6.9.0.31
    Your Product Name
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/06/2012 10:02:24, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    03/06/2012 10:37:44, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    So far I don't see much there.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
     
  4. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Cheers. As I say, I'm unsure whether it's a malware issue or just something to do with programs and configurations.

    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 34.00 0 K 24 K
    System 4 1.02 80 K 14,500 K
    Interrupts n/a 2.31 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 292 260 K 1,196 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 452 0.24 1,448 K 4,956 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 492 912 K 4,200 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 548 0.46 5,672 K 8,172 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 720 17.24 3,924 K 9,204 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    rundll32.exe 2284 0.29 2,548 K 11,940 K Windows host process (Rundll32) Microsoft Corporation C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    igfxsrvc.exe 4064 1,756 K 6,900 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
    dllhost.exe 2388 1,508 K 11,832 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
    svchost.exe 800 0.81 4,660 K 9,312 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    MsMpEng.exe 868 0.43 56,860 K 49,604 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
    svchost.exe 988 0.68 17,800 K 20,496 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    svchost.exe 1024 12.34 61,688 K 69,912 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 2268 1.98 49,612 K 21,016 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
    svchost.exe 1052 1.17 113,612 K 79,464 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    wuauclt.exe 4816 1,384 K 11,356 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
    taskeng.exe 916 1,212 K 6,496 K Task Scheduler Engine Microsoft Corporation taskeng.exe {6EF48A70-BE85-4D63-985F-EBC63B38260A}
    realsched.exe 1220 1,532 K 336 K RealNetworks Scheduler RealNetworks, Inc. "c:\program files\real\realplayer\update\realsched.exe"
    svchost.exe 1308 0.01 9,664 K 15,404 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1480 < 0.01 19,288 K 22,336 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    spoolsv.exe 1612 0.20 5,276 K 9,436 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1652 10,812 K 14,040 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1756 0.08 6,624 K 46,416 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    svchost.exe 1908 1,660 K 7,236 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    XAudio.exe 2000 684 K 4,616 K Modem Audio Service Conexant Systems, Inc. C:\Windows\system32\DRIVERS\xaudio.exe
    svchost.exe 416 1,172 K 10,416 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
    svchost.exe 2088 2,032 K 6,688 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    taskhost.exe 2196 0.06 7,752 K 8,884 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    SearchIndexer.exe 3832 0.05 49,588 K 46,204 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    wmpnetwk.exe 888 0.02 12,416 K 11,764 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    svchost.exe 3212 0.10 11,176 K 17,656 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    taskhost.exe 1388 2,832 K 10,352 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    TrustedInstaller.exe 2260 2,340 K 6,612 K Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
    svchost.exe 2672 1,504 K 4,216 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k swprv
    lsass.exe 592 5,648 K 9,588 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 600 0.26 1,640 K 4,180 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 500 0.86 1,768 K 20,492 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    conhost.exe 2164 904 K 5,812 K Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "21057701582024387688-658779516140376144616188068722039927941952057134-378857875
    winlogon.exe 580 1,948 K 6,260 K Windows Logon Application Microsoft Corporation winlogon.exe
    explorer.exe 3016 6.72 264,884 K 84,536 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    Apoint.exe 3824 0.88 2,456 K 12,276 K Alps Pointing-device Driver Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\Apoint.exe"
    ApMsgFwd.exe 4024 0.01 920 K 6,244 K ApMsgFwd Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
    igfxtray.exe 3840 1,264 K 10,360 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
    hkcmd.exe 3848 1,348 K 10,384 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
    igfxpers.exe 3868 1,472 K 11,256 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
    winampa.exe 4008 804 K 9,716 K Winamp Agent Nullsoft, Inc. "C:\Program Files\Winamp\winampa.exe"
    VCDDaemon.exe 2232 1,112 K 10,220 K Virtual CloneDrive Daemon Elaborate Bytes AG "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    msseces.exe 3416 6,008 K 18,836 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    jusched.exe 1804 2,916 K 13,392 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    sidebar.exe 3620 1.10 38,156 K 32,164 K Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    firefox.exe 2948 8.24 189,592 K 199,400 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
    plugin-container.exe 2320 1.83 32,304 K 35,512 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=2948.129a7e20.653928649 "C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll" 308046B0AF4A39CB -greomni "C:\Program Files\Mozilla Firefox\omni.ja" 2948 "\\.\pipe\gecko-crash-server-pipe.2948" plugin
    procexp.exe 5228 5.84 16,496 K 28,972 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\ProcessExplorer\procexp.exe"
    ApntEx.exe 2176 0.76 1,352 K 10,440 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. "Apntex.exe"
     
  5. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Something is going on there.
    If it's any kind of infection causing high CPU usage we'll find out.

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ======================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK
    (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-07 20:40:40
    -----------------------------
    20:40:40.343 OS Version: Windows 6.1.7600
    20:40:40.344 Number of processors: 2 586 0xF0D
    20:40:40.368 ComputerName: ANT UserName:
    20:40:43.917 Initialize success
    20:41:39.603 AVAST engine defs: 12060700
    20:41:48.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    20:41:48.997 Disk 0 Vendor: SAMSUNG_HM160JI AD100-16 Size: 152627MB BusType: 11
    20:41:49.309 Disk 0 MBR read successfully
    20:41:49.312 Disk 0 MBR scan
    20:41:49.399 Disk 0 Windows 7 default MBR code
    20:41:49.445 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
    20:41:49.866 Disk 0 scanning sectors +312578048
    20:41:50.612 Disk 0 scanning C:\Windows\system32\drivers
    20:43:51.726 Service scanning
    20:44:21.117 Service MpKsl30d66e7a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A1C0E8B-BE04-4E15-8539-819A8BC4E221}\MpKsl30d66e7a.sys **LOCKED** 32
    20:44:58.573 Modules scanning
    20:49:31.115 Disk 0 trace - called modules:
    20:49:31.227 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
    20:49:31.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81030]
    20:49:31.604 3 CLASSPNP.SYS[88f7959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x855db908]
    20:49:33.759 AVAST engine scan C:\Windows
    20:52:43.095 AVAST engine scan C:\Windows\system32
    21:44:05.039 AVAST engine scan C:\Windows\system32\drivers
    21:47:45.728 AVAST engine scan C:\Users\User
    22:51:19.102 AVAST engine scan C:\ProgramData
    22:56:36.750 Scan finished successfully
    23:10:36.901 Disk 0 MBR has been saved successfully to "C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\Logs June '12\MBR.dat"
    23:10:36.921 The log file has been saved successfully to "C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\Logs June '12\aswMBR.txt"
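    An added example, not from the thread or from either tool's authors: a Python parser for a 512-byte MBR such as the MBR.dat that aswMBR saves. It checks the 0x55AA signature, reports the partition table in the same terms as the logs above (active flag, type 07 NTFS, offset 2048, size in MB), and hashes both the whole sector and just the boot-code bytes so a changed boot loader shows up even when the partition table is untouched. The sample sector is constructed inline with the layout the logs report; that Bootkit Remover's MD5 covers the full 512 bytes is an assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # bytes 440-443 hold the Windows disk signature, 444-445 are reserved
PART_TABLE_OFFSET = 446      # four 16-byte entries, then 0x55AA at 510
PART_ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x05: "Extended", 0x0F: "Extended LBA", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> dict:
    """Validate a raw MBR sector and return its hashes, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = PART_ENTRY.unpack_from(
            sector, PART_TABLE_OFFSET + i * PART_ENTRY.size)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: invalid status byte 0x{status:02x}")
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,                  # the 80 (A) in the aswMBR line
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,                    # "offset 2048"
            "sectors": count,
            "end_lba": lba_start + count,              # where aswMBR starts scanning free sectors
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "sector_md5": hashlib.md5(sector).hexdigest(),
        # Boot code only: a bootkit replaces these bytes and leaves the table alone,
        # so this hash can be compared against a known-good loader of the same OS.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def matches_reported_md5(sector: bytes, reported: str) -> bool:
    """Compare a saved sector with the MD5 a scanner printed (case-insensitive)."""
    return hashlib.md5(sector).hexdigest().lower() == reported.strip().lower()


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the layout in the logs; NOT a real disk image."""
    sector = bytearray(SECTOR_SIZE)
    for i in range(BOOT_CODE_END):                    # stand-in pattern, not Windows' loader code
        sector[i] = (i * 37 + 11) & 0xFF
    struct.pack_into("<I", sector, 440, 0x1234ABCD)   # made-up disk signature
    # Partition 1: active, type 0x07 NTFS, starts at LBA 2048, 152625 MB = 312,576,000 sectors
    PART_ENTRY.pack_into(sector, PART_TABLE_OFFSET,
                         0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 312_576_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("sector MD5   :", info["sector_md5"])
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"Partition {p['index']} {'80 (A)' if p['active'] else '00'} "
              f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
```

    To use it on a real capture, read the 512 bytes of MBR.dat and pass them to parse_mbr; the sector MD5 is what you would compare with the "Boot sector MD5" that Bootkit Remover printed.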
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Bootkit Remover log seems to be incomplete.
    Please re-run it.
     
  8. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    That's all I'm getting on the black screen. I ran it as admin, re-downloaded it and tried again, same result. There's a debug log that has appeared in the bootkit cleaner folder; I don't know whether that's what you need?
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Go ahead and post debug log.
     
  10. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    .\debug.cpp(238) : Debug log started at 07.06.2012 - 22:43:22
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x82e02000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x83212000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
    .\debug.cpp(256) : 0x80bb4000 0x00008000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x8882a000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x888a2000 0x00011000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x888b3000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0x888bb000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x888fd000 0x000ab000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x88a15000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
    .\debug.cpp(256) : 0x88a86000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
    .\debug.cpp(256) : 0x88a94000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
    .\debug.cpp(256) : 0x88adc000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
    .\debug.cpp(256) : 0x88ae5000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
    .\debug.cpp(256) : 0x88aed000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
    .\debug.cpp(256) : 0x88b17000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
    .\debug.cpp(256) : 0x88b22000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x88b33000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
    .\debug.cpp(256) : 0x88b43000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x88b8e000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
    .\debug.cpp(256) : 0x88b95000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x88ba3000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
    .\debug.cpp(256) : 0x88bab000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
    .\debug.cpp(256) : 0x88bb6000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x88bcc000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
    .\debug.cpp(256) : 0x88bd5000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
    .\debug.cpp(256) : 0x88a00000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
    .\debug.cpp(256) : 0x88a0a000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
    .\debug.cpp(256) : 0x889a8000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x889dc000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x88800000 0x00028000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
    .\debug.cpp(256) : 0x88c07000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x88d36000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
    .\debug.cpp(256) : 0x88d61000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x88d74000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
    .\debug.cpp(256) : 0x88dd1000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
    .\debug.cpp(256) : 0x88ddf000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
    .\debug.cpp(256) : 0x88e08000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x88ebf000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x88efd000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
    .\debug.cpp(256) : 0x89030000 0x0014a000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x8917a000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x891ab000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
    .\debug.cpp(256) : 0x891ea000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
    .\debug.cpp(256) : 0x89000000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
    .\debug.cpp(256) : 0x88f22000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x891f2000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
    .\debug.cpp(256) : 0x88f32000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
    .\debug.cpp(256) : 0x88f64000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
    .\debug.cpp(256) : 0x88f75000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x88fcd000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0x88fec000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x88ff3000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x88de8000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x8e820000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x8e841000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x8e84e000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0x8e856000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
    .\debug.cpp(256) : 0x8e85e000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
    .\debug.cpp(256) : 0x8e866000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x8e871000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x8e87f000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
    .\debug.cpp(256) : 0x8e896000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x8e8a1000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0x8e8d3000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
    .\debug.cpp(256) : 0x8e92d000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
    .\debug.cpp(256) : 0x8e934000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
    .\debug.cpp(256) : 0x8e953000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0x8e961000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0x8e974000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0x8e984000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0x8e9c5000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
    .\debug.cpp(256) : 0x8e9cf000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0x8e9d9000 0x0000a000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys"
    .\debug.cpp(256) : 0x8e9e3000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
    .\debug.cpp(256) : 0x8e800000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
    .\debug.cpp(256) : 0x8e9ef000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
    .\debug.cpp(256) : 0x8d82a000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
    .\debug.cpp(256) : 0x8d84b000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0x8d85d000 0x00003000 "\SystemRoot\system32\DRIVERS\cpqbttn.sys"
    .\debug.cpp(256) : 0x8d860000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0x8d873000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0x8d87a000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
    .\debug.cpp(256) : 0x8f03e000 0x00509000 "\SystemRoot\system32\DRIVERS\igdkmd32.sys"
    .\debug.cpp(256) : 0x8f547000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
    .\debug.cpp(256) : 0x8f000000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
    .\debug.cpp(256) : 0x8d883000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0x8d88e000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0x8d8d9000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0x8d8e8000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0x8d907000 0x00051000 "\SystemRoot\system32\DRIVERS\yk62x86.sys"
    .\debug.cpp(256) : 0x8f612000 0x00413000 "\SystemRoot\system32\DRIVERS\netw5v32.sys"
    .\debug.cpp(256) : 0x8fa25000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
    .\debug.cpp(256) : 0x8fa51000 0x00019000 "\SystemRoot\system32\drivers\sdbus.sys"
    .\debug.cpp(256) : 0x8fa6a000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
    .\debug.cpp(256) : 0x8fabb000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
    .\debug.cpp(256) : 0x8fabf000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0x8fad7000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0x8fae4000 0x00038000 "\SystemRoot\system32\DRIVERS\Apfiltr.sys"
    .\debug.cpp(256) : 0x8fb1c000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0x8fb29000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
    .\debug.cpp(256) : 0x8fb36000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
    .\debug.cpp(256) : 0x8fb48000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0x8fb60000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0x8fb6b000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0x8fb8d000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0x8fba5000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0x8fbbc000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
    .\debug.cpp(256) : 0x8fbd3000 0x0000c000 "\SystemRoot\system32\DRIVERS\VClone.sys"
    .\debug.cpp(256) : 0x8d958000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
    .\debug.cpp(256) : 0x8fbdf000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0x8d97e000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0x8fbe1000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
    .\debug.cpp(256) : 0x8fbef000 0x0000c000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
    .\debug.cpp(256) : 0x8d9b2000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x8f600000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0x8260b000 0x00033000 "\SystemRoot\system32\drivers\CHDRT32.sys"
    .\debug.cpp(256) : 0x8263e000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0x8266d000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0x82686000 0x0003e000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys"
    .\debug.cpp(256) : 0x826c4000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
    .\debug.cpp(256) : 0x82824000 0x000b5000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
    .\debug.cpp(256) : 0x828d9000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
    .\debug.cpp(256) : 0x828e6000 0x0009d000 "\SystemRoot\System32\Drivers\ATSwpWDF.sys"
    .\debug.cpp(256) : 0x8298d000 0x00002000 "\SystemRoot\system32\drivers\USBD.SYS"
    .\debug.cpp(256) : 0x82a8a000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0x82aa1000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys"
    .\debug.cpp(256) : 0x96510000 0x0024f000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x82b23000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x82b53000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
    .\debug.cpp(256) : 0x96770000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x967a0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
    .\debug.cpp(256) : 0x82b5e000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
    .\debug.cpp(256) : 0x82b79000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
    .\debug.cpp(256) : 0x82b93000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
    .\debug.cpp(256) : 0x82ba9000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x82bb6000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
    .\debug.cpp(256) : 0x82bc1000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
    .\debug.cpp(256) : 0x82bcb000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
    .\debug.cpp(256) : 0x82bdc000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
    .\debug.cpp(256) : 0x829a1000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
    .\debug.cpp(256) : 0x82bec000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0x82a00000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
    .\debug.cpp(256) : 0xaa41d000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
    .\debug.cpp(256) : 0xaa4a2000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
    .\debug.cpp(256) : 0xaa4bb000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
    .\debug.cpp(256) : 0xaa4cd000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0xaa4f0000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
    .\debug.cpp(256) : 0xaa52b000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
    .\debug.cpp(256) : 0xaa55e000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
    .\debug.cpp(256) : 0xaa562000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
    .\debug.cpp(256) : 0xaa400000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
    .\debug.cpp(256) : 0x82800000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
    .\debug.cpp(256) : 0xaa40a000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
    .\debug.cpp(256) : 0xaa546000 0x00008000 "\SystemRoot\system32\DRIVERS\xaudio.sys"
    .\debug.cpp(256) : 0xab014000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
    .\debug.cpp(256) : 0xab063000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0xab11f000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
    .\debug.cpp(256) : 0xab1df000 0x00019000 "\??\C:\Users\User\AppData\Local\Temp\pxldrpow.sys"
    .\debug.cpp(256) : 0xab0ff000 0x00007000 "\??\C:\Users\User\AppData\Local\Temp\mbr.sys"
    .\debug.cpp(256) : 0xab1cf000 0x0000b000 "\??\C:\Windows\system32\Drivers\PROCEXP152.SYS"
    .\debug.cpp(256) : 0xab000000 0x0000c000 "\??\C:\Users\User\AppData\Local\Temp\aswMBR.sys"
    .\debug.cpp(256) : 0xab00c000 0x00006000 "\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A1C0E8B-BE04-4E15-8539-819A8BC4E221}\MpKsl30d66e7a.sys"
    .\debug.cpp(256) : 0x77400000 0x0013c000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(256) : 0x481a0000 0x00013000 "\Windows\System32\smss.exe"
    .\debug.cpp(256) : 0x77640000 0x00050000 "\Windows\System32\apisetschema.dll"
    .\debug.cpp(256) : 0x002b0000 0x000a6000 "\Windows\System32\autochk.exe"
    .\debug.cpp(256) : 0x772a0000 0x0015c000 "\Windows\System32\ole32.dll"
    .\debug.cpp(256) : 0x77610000 0x00019000 "\Windows\System32\sechost.dll"
    .\debug.cpp(256) : 0x775c0000 0x00045000 "\Windows\System32\Wldap32.dll"
    .\debug.cpp(256) : 0x77560000 0x00057000 "\Windows\System32\shlwapi.dll"
    .\debug.cpp(256) : 0x77210000 0x00083000 "\Windows\System32\clbcatq.dll"
    .\debug.cpp(256) : 0x770f0000 0x0011b000 "\Windows\System32\wininet.dll"
    .\debug.cpp(256) : 0x77550000 0x00005000 "\Windows\System32\psapi.dll"
    .\debug.cpp(256) : 0x76f50000 0x0019d000 "\Windows\System32\setupapi.dll"
    .\debug.cpp(256) : 0x76300000 0x00c49000 "\Windows\System32\shell32.dll"
    .\debug.cpp(256) : 0x762c0000 0x00035000 "\Windows\System32\ws2_32.dll"
    .\debug.cpp(256) : 0x77540000 0x0000a000 "\Windows\System32\lpk.dll"
    .\debug.cpp(256) : 0x761e0000 0x000d4000 "\Windows\System32\kernel32.dll"
    .\debug.cpp(256) : 0x761d0000 0x00003000 "\Windows\System32\normaliz.dll"
    .\debug.cpp(256) : 0x76150000 0x0007b000 "\Windows\System32\comdlg32.dll"
    .\debug.cpp(256) : 0x760f0000 0x00052000 "\Windows\System32\difxapi.dll"
    .\debug.cpp(256) : 0x76020000 0x000cc000 "\Windows\System32\msctf.dll"
    .\debug.cpp(256) : 0x75f70000 0x000a1000 "\Windows\System32\rpcrt4.dll"
    .\debug.cpp(256) : 0x75f40000 0x0002a000 "\Windows\System32\imagehlp.dll"
    .\debug.cpp(256) : 0x75f30000 0x00006000 "\Windows\System32\nsi.dll"
    .\debug.cpp(256) : 0x75e90000 0x0009d000 "\Windows\System32\usp10.dll"
    .\debug.cpp(256) : 0x75cd0000 0x001b8000 "\Windows\System32\iertutil.dll"
    .\debug.cpp(256) : 0x75cb0000 0x0001f000 "\Windows\System32\imm32.dll"
    .\debug.cpp(256) : 0x75c20000 0x0008f000 "\Windows\System32\oleaut32.dll"
    .\debug.cpp(256) : 0x75b80000 0x000a0000 "\Windows\System32\advapi32.dll"
    .\debug.cpp(256) : 0x75a60000 0x00111000 "\Windows\System32\urlmon.dll"
    .\debug.cpp(256) : 0x75990000 0x000c9000 "\Windows\System32\user32.dll"
    .\debug.cpp(256) : 0x75940000 0x0004e000 "\Windows\System32\gdi32.dll"
    .\debug.cpp(256) : 0x75890000 0x000ac000 "\Windows\System32\msvcrt.dll"
    .\debug.cpp(256) : 0x75770000 0x0011c000 "\Windows\System32\crypt32.dll"
    .\debug.cpp(256) : 0x756e0000 0x00084000 "\Windows\System32\comctl32.dll"
    .\debug.cpp(256) : 0x756b0000 0x0002d000 "\Windows\System32\wintrust.dll"
    .\debug.cpp(256) : 0x75690000 0x00012000 "\Windows\System32\devobj.dll"
    .\debug.cpp(256) : 0x75660000 0x00027000 "\Windows\System32\cfgmgr32.dll"
    .\debug.cpp(256) : 0x75610000 0x0004a000 "\Windows\System32\KernelBase.dll"
    .\debug.cpp(256) : 0x75600000 0x0000c000 "\Windows\System32\msasn1.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
    .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_135C103C&REV_02#0019D2FFFFCA6D8A00#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
    .\debug.cpp(400) : Destination "\Device\aswMBR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
    .\debug.cpp(400) : Destination "\Device\Video1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
    .\debug.cpp(400) : Destination "\Device\AgileVPN"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\pxldrpow"
    .\debug.cpp(400) : Destination "\Device\pxldrpow"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpKsl30d66e7a"
    .\debug.cpp(400) : Destination "\Device\MpKsl30d66e7a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
    .\debug.cpp(400) : Destination "\Device\Video2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C454BBFE-4171-4DBC-AB09-516A6E2046CC}"
    .\debug.cpp(400) : Destination "\Device\NDMP2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A02&SUBSYS_30CD103C&REV_0C#3&33fd14ca&0&10#{e6dfdc31-31d0-46ac-86af-da1eb05fc599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
    .\debug.cpp(400) : Destination "\Device\Video3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
    .\debug.cpp(400) : Destination "\Device\NDMP9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Duo_CPU_____T7100__@_1.80GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
    .\debug.cpp(400) : Destination "\Device\Video4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
    .\debug.cpp(400) : Destination "\Device\ProcessManagement"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000050"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&16daf6a&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ba028e5&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&46041cb&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
    .\debug.cpp(400) : Destination "\Device\Video5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_HM160JI_________________________AD100-16#5&3554465c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
    .\debug.cpp(400) : Destination "\Device\CompositeBattery"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1a494e15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_08FF&PID_2580#5&39cd0452&0&1#{e2b5183a-99ea-4cc3-ad6b-80ca8d715b80}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
    .\debug.cpp(400) : Destination "\Device\00000067"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#4#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000060"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3D9A34EA-7E76-4D45-A9C1-0892D84D3BEB}"
    .\debug.cpp(400) : Destination "\Device\NDMP6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CBA32AA8-ABD4-4FD6-879D-E4597CE8FAB2}"
    .\debug.cpp(400) : Destination "\Device\NDMP8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
    .\debug.cpp(400) : Destination "\Device\SPDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
    .\debug.cpp(400) : Destination "\Device\TeredoTun"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000051"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&4fb6a91&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
    .\debug.cpp(400) : Destination "\Device\PEAuth"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\XAudio"
    .\debug.cpp(400) : Destination "\Device\XAudio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
    .\debug.cpp(400) : Destination "\Device\Winachsf0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
    .\debug.cpp(400) : Destination "\Device\Psched"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{ca89b949-d7bf-48dd-bb06-f40ebc29c5f6}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLE800#4&43bc6af&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{44865dfa-774d-4b2d-a8e4-43c6765a9bdb}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{02c19d03-f08b-11de-af11-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{4000da7a-f0b2-11de-abde-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ba028e5&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
    .\debug.cpp(400) : Destination "\Device\Tcp"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
    .\debug.cpp(400) : Destination "\Device\NDMP15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_B016&MI_00#6&33488c82&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
     
  11. Ant1508

    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP152"
    .\debug.cpp(400) : Destination "\Device\PROCEXP152"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#3#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000063"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
    .\debug.cpp(400) : Destination "\Device\USBFDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
    .\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
    .\debug.cpp(400) : Destination "\Device\FsWrap"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0AF199CA-866B-40AD-A5BE-CBC994805575}"
    .\debug.cpp(400) : Destination "\Device\NDMP4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
    .\debug.cpp(400) : Destination "\Device\USBFDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&181d53b7&0&0001#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000006a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
    .\debug.cpp(400) : Destination "\Device\IPSECDOSP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#7#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000065"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8D6BE402-12C1-471B-A4B5-F1340F05C903}"
    .\debug.cpp(400) : Destination "\Device\NDMP1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{50E0CC89-7DEB-4502-B681-550D0F724DC9}"
    .\debug.cpp(400) : Destination "\Device\NDMP7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
    .\debug.cpp(400) : Destination "\Device\USBFDO-4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{54c9343c-2a17-42e8-b4fd-9f9da27b94d6}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_B016&MI_00#6&33488c82&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000077"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
    .\debug.cpp(400) : Destination "\Device\00000067"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS1#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000004d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&16daf6a&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
    .\debug.cpp(400) : Destination "\Device\USBFDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Apfiltr"
    .\debug.cpp(400) : Destination "\Device\Apfiltr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4000da7e-f0b2-11de-abde-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
    .\debug.cpp(400) : Destination "\Device\USBFDO-6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000004c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
    .\debug.cpp(400) : Destination "\Device\Secdrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000003"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
    .\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0002#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
    .\debug.cpp(400) : Destination "\Device\00000073"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#6#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000064"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy20"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy20"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
    .\debug.cpp(400) : Destination "\Device\NDMP16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AUI1500#4&1b5738e3&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
    .\debug.cpp(400) : Destination "\Device\nativewifip"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4353&SUBSYS_30CD103C&REV_14#4&6142334&0&00E1#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col01#3&181d53b7&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000069"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy21"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000002"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000041"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f0adbba2-5e10-11e1-825b-001a6b7415a1}"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy22"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
    .\debug.cpp(400) : Destination "\Device\00000073"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1073dde2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-851S________________1.50____#5&d67eaa4&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#2#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000061"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1b8185a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy23"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy23"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
    .\debug.cpp(400) : Destination "\Device\Nsi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E7A642BE-C250-4985-8BAD-C5DD6ABB3FCC}"
    .\debug.cpp(400) : Destination "\Device\NDMP5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
    .\debug.cpp(400) : Destination "\Device\NDMP10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1b5738e3&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy24"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy24"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#1#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000062"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
    .\debug.cpp(400) : Destination "\Device\NDMP12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
    .\debug.cpp(400) : Destination "\Device\WwanProt"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy25"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy25"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#HPQ0006&Col02#3&181d53b7&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000006a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
    .\debug.cpp(400) : Destination "\Device\WANARPV6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&36c0c465&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO"
    .\debug.cpp(400) : Destination "\Device\ElbyCDIO"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
    .\debug.cpp(400) : Destination "\Device\ASYNCMAC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy26"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy26"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ba028e5&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde1Channel2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
    .\debug.cpp(400) : Destination "\Device\1394BUS0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_30CD103C&REV_05#4&caa9f97&0&48F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&e8c728f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPLE800#4&43bc6af&0&UID67568640#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
    .\debug.cpp(400) : Destination "\Device\0000008d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy27"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy27"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#8#{629758ee-986e-4d9e-8e47-de27f8ab054d}"
    .\debug.cpp(400) : Destination "\Device\00000066"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000045"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000003a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy28"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy28"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1Port5Path0Target0Lun0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{564EB329-BE49-43F8-B325-730313F25D54}"
    .\debug.cpp(400) : Destination "\Device\NDMP3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_30CD103C&REV_12#4&caa9f97&0&4CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
    .\debug.cpp(400) : Destination "\Device\NDMP11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
    .\debug.cpp(400) : Destination "\Device\MICH_AZ0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04F2&PID_B016#SN0001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
    .\debug.cpp(400) : Destination "\Device\AscKmd"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_135C103C&REV_02#0019D2FFFFCA6D8A00#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1b5738e3&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000056"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
    .\debug.cpp(400) : Destination "\Device\MPS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1Port5Path0Target0Lun0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4353&SUBSYS_30CD103C&REV_14#4&6142334&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_30CD103C&REV_03#3&33fd14ca&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
    .\debug.cpp(400) : Destination "\Device\NDMP13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
    .\debug.cpp(400) : Destination "\Device\NDMP14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Duo_CPU_____T7100__@_1.80GHz#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{9c12192f-815f-4229-9fdf-87019132fc38}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
    .\debug.cpp(400) : Destination "\Device\mbr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
    .\debug.cpp(400) : Destination "\Device\00000047"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000072"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_08FF&PID_2580#5&39cd0452&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000043"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
    .\debug.cpp(400) : Destination "\Device\SstpDrv"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000005"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A02&SUBSYS_30CD103C&REV_0C#3&33fd14ca&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_5045&SUBSYS_103C30CD&REV_1001#4&137195a0&0&0002#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
    .\debug.cpp(400) : Destination "\Device\00000073"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A02&SUBSYS_30CD103C&REV_0C#3&33fd14ca&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ-851S________________1.50____#5&d67eaa4&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Will do, cheers for the help so far, but it's getting late here in merry old England, so I shall run that tomorrow. Thanks again; shall update you tomorrow.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    No problem :)
     
  15. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Hello again, ran ComboFix today, took a fair while, a couple of hours. Anywho, here's the log:

    ComboFix 12-06-08.01 - User 08/06/2012 12:15:34.4.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2038.880 [GMT 1:00]
    Running from: c:\users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\Documents\~WRL0001.tmp
    c:\users\User\AppData\Roaming\Love
    c:\users\User\AppData\Roaming\Love\mari0\options.txt
    c:\users\User\Documents\~WRL2822.tmp
    c:\users\User\Documents\~WRL3895.tmp
    c:\users\User\GoToAssistDownloadHelper.exe
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-08 13:03 . 2012-06-08 13:03 -------- d-----w- c:\users\User\AppData\Local\temp
    2012-06-08 13:03 . 2012-06-08 13:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-06-08 13:03 . 2012-06-08 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-07 22:50 . 2012-06-07 22:50 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B2F3D5A-5210-4677-BA18-E0FD1711C070}\offreg.dll
    2012-06-07 22:43 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B2F3D5A-5210-4677-BA18-E0FD1711C070}\mpengine.dll
    2012-06-07 17:05 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-17 15:49 . 2012-05-17 15:49 -------- d-----w- c:\program files\Common Files\Java
    2012-05-17 15:48 . 2012-05-17 15:48 -------- d-----w- c:\program files\Oracle
    2012-05-17 15:47 . 2012-04-04 17:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-04 21:02 . 2012-04-17 15:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 21:02 . 2011-05-20 14:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 17:47 . 2010-06-10 17:19 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 14:56 . 2011-02-16 21:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-20 19:44 . 2012-03-20 19:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-05-26 11:39 . 2012-05-17 22:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A5175421-7152-44A5-A93F-A8E2C645798D}]
    2012-04-16 10:00 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 22:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
    "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-23 273544]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
    2008-11-05 06:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-09-23 12:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
    R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - PROCEXP152
    *Deregistered* - aswMBR
    *Deregistered* - MBAMSwissArmy
    *Deregistered* - PROCEXP152
    *Deregistered* - pxldrpow
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:02]
    .
    2011-01-28 c:\windows\Tasks\SidebarExecute.job
    - c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://start.funmoods.com/?f=1&a=bf4
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cjbv8i71.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=bf4
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=bf4
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=bf4&q=
    FF - user.js: extensions.funmoods_i.id - 9c73c614000000000000001a6b7415a1
    FF - user.js: extensions.funmoods_i.instlDay - 15446
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.12.2
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.12.2
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.12.219:28
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - bf4
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2465362997-339490662-2206503341-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:e9,34,af,5f,65,0a,3c,a8,6f,d7,ec,5d,97,5f,89,61,aa,fe,eb,cb,a1,8f,94,
    97,51,d6,db,f1,98,41,d7,15,60,69,d0,3f,d3,7f,93,65,2e,87,6f,f6,48,34,11,d2,\
    "??"=hex:09,65,81,0f,72,13,01,37,49,e9,b5,b8,25,6d,1c,ed
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-08 14:09:17
    ComboFix-quarantined-files.txt 2012-06-08 13:09
    .
    Pre-Run: 51,355,303,936 bytes free
    Post-Run: 51,643,572,224 bytes free
    .
    - - End Of File - - EB6801DB6EF723958C20463E5DAC59C6
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    Uninstall Ask Toolbar, typical foistware.

    Post new Process Explorer log.
     
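    Broni asks for a fresh Process Explorer log. An exported Process Explorer listing shows each svchost.exe instance's service group (the -k argument) and its CPU share, but not which of the hosted services is actually burning the CPU, which is what a high-CPU svchost complaint comes down to. The PowerShell below is an added example, not code from the thread or from Process Explorer. It assumes an elevated prompt on a Windows 7 x86 box (hence Get-WmiObject rather than Get-CimInstance, which needs PowerShell 3.0) and a placeholder PID that should be replaced with whichever svchost.exe Process Explorer flags; it maps that process to its hosted services, checks that the image is the signed System32 svchost.exe, and lists its busiest threads and any modules loaded from outside the Windows directory.

```powershell
# Added example, not code from the thread: triage one busy svchost.exe instance.
# Assumptions: elevated PowerShell on Windows 7 x86; Get-WmiObject is used rather
# than Get-CimInstance because Windows 7 shipped with PowerShell 2.0.
$TargetPid = 688   # placeholder: use the PID Process Explorer shows at high CPU

# 1. Services hosted by that process. A service host is only a shell; the
#    service DLLs it loads are what actually run. From cmd.exe the equivalent is
#    tasklist /svc /fi "PID eq 688".
Get-WmiObject Win32_Service -Filter "ProcessId = $TargetPid" |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-Table -AutoSize

# 2. Is the image the genuine one? The real host lives in System32 and carries a
#    valid Microsoft Authenticode signature; a look-alike elsewhere is a red flag.
$proc = Get-Process -Id $TargetPid
$sig  = Get-AuthenticodeSignature -FilePath $proc.Path
"{0} -> {1} [{2}]" -f $proc.ProcessName, $proc.Path, $sig.Status
if ($proc.Path -ne (Join-Path $env:SystemRoot 'System32\svchost.exe') -or
    $sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Warning "Process $TargetPid is not the signed System32 svchost.exe"
}

# 3. Threads that have consumed the most CPU. Process Explorer's Threads tab
#    resolves each StartAddress to the owning service DLL (the Power service,
#    for instance, lives in umpo.dll), which tells you which service to blame.
$proc.Threads |
    Sort-Object TotalProcessorTime -Descending |
    Select-Object -First 5 Id, TotalProcessorTime, ThreadState, StartAddress |
    Format-Table -AutoSize

# 4. Modules loaded from outside the Windows directory. Legitimate service DLLs
#    live under %SystemRoot%; anything else inside a service host deserves its
#    own signature check before the process is declared clean.
$proc.Modules |
    Where-Object { $_.FileName -notlike "$env:SystemRoot\*" } |
    Select-Object ModuleName, FileName, FileVersion |
    Format-Table -AutoSize
```

Run it for each svchost.exe that the Process Explorer export shows with a non-trivial CPU column; a host whose hottest thread starts in a DLL outside System32, or whose image fails the signature check, is the one to dig into.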
  17. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Honestly, I can't find the Ask Toolbar under programs, applications, in the start bar search, or in either Firefox or Internet Explorer under 'add-ons', 'toolbars' or anywhere.

    Process explorer log:
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 22.56 0 K 24 K
    System 4 1.38 52 K 1,356 K
    Interrupts n/a 2.19 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 276 264 K 768 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 452 0.23 1,260 K 3,100 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    wininit.exe 492 948 K 2,932 K Windows Start-Up Application Microsoft Corporation wininit.exe
    services.exe 552 0.61 5,192 K 5,932 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
    svchost.exe 688 17.23 3,444 K 6,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    rundll32.exe 2976 0.31 1,844 K 5,676 K Windows host process (Rundll32) Microsoft Corporation C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    igfxsrvc.exe 3712 1,568 K 4,764 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
    dllhost.exe 1188 1,448 K 4,876 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
    WmiPrvSE.exe 3616 1,968 K 4,708 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
    svchost.exe 808 1.06 3,640 K 6,388 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    MsMpEng.exe 856 0.42 58,284 K 44,080 K Antimalware Service Executable Microsoft Corporation "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
    svchost.exe 1008 0.84 16,904 K 15,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 5164 0.06 15,576 K 14,524 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0xa50
    svchost.exe 1040 11.86 48,420 K 53,472 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 3004 6.57 44,660 K 19,956 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
    svchost.exe 1068 1.86 24,580 K 33,016 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    wuauclt.exe 2144 1,368 K 5,160 K Windows Update Microsoft Corporation "C:\Windows\system32\wuauclt.exe"
    svchost.exe 1192 0.02 6,632 K 11,492 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1308 0.02 13,288 K 12,792 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    spoolsv.exe 1688 0.18 5,144 K 9,312 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1724 0.01 9,832 K 11,240 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1828 0.06 5,736 K 40,388 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    svchost.exe 1944 1,388 K 4,092 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    XAudio.exe 2036 664 K 2,156 K Modem Audio Service Conexant Systems, Inc. C:\Windows\system32\DRIVERS\xaudio.exe
    svchost.exe 704 1,148 K 3,448 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k bthsvcs
    svchost.exe 444 1,904 K 4,420 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    taskhost.exe 2948 0.07 7,300 K 7,584 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    wmpnetwk.exe 3704 < 0.01 10,452 K 12,132 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
    SearchIndexer.exe 1668 0.04 48,728 K 40,384 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    svchost.exe 3292 < 0.01 9,744 K 11,780 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    taskhost.exe 3208 4,648 K 4,256 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
    lsass.exe 568 0.58 4,988 K 8,884 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 576 0.24 1,532 K 3,000 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
    csrss.exe 504 1.22 2,356 K 16,704 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    conhost.exe 3812 920 K 3,780 K Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "11525495922045427906-1480344756-11495892389645722997757189198513461741373965964
    winlogon.exe 756 1,732 K 4,236 K Windows Logon Application Microsoft Corporation winlogon.exe
    explorer.exe 3052 8.06 68,968 K 93,376 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    Apoint.exe 3536 0.72 2,328 K 7,496 K Alps Pointing-device Driver Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\Apoint.exe"
    ApMsgFwd.exe 3748 < 0.01 920 K 3,556 K ApMsgFwd Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
    igfxtray.exe 3548 1,248 K 4,668 K igfxTray Module Intel Corporation "C:\Windows\System32\igfxtray.exe"
    hkcmd.exe 3572 1,372 K 4,704 K hkcmd Module Intel Corporation "C:\Windows\System32\hkcmd.exe"
    igfxpers.exe 3580 1,212 K 4,632 K persistence Module Intel Corporation "C:\Windows\System32\igfxpers.exe"
    realsched.exe 3604 1,548 K 568 K RealNetworks Scheduler RealNetworks, Inc. "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
    VCDDaemon.exe 3904 1,092 K 4,308 K Virtual CloneDrive Daemon Elaborate Bytes AG "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    msseces.exe 3916 4,620 K 10,952 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    jusched.exe 3924 852 K 3,440 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    sidebar.exe 3948 1.03 32,684 K 32,372 K Windows Desktop Gadgets Microsoft Corporation "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    NokiaSuite.exe 3984 1.79 139,772 K 37,580 K Nokia Suite Nokia "C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe" -tray
    procexp.exe 484 15.96 15,752 K 27,016 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\ProcessExplorer\procexp.exe"
    ApntEx.exe 3796 0.88 1,332 K 3,972 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. "Apntex.exe"
    firefox.exe 6048 1.14 196,360 K 202,720 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
    plugin-container.exe 5644 0.78 13,392 K 17,436 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=6048.141a7970.1536378656 "C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll" 308046B0AF4A39CB -greomni "C:\Program Files\Mozilla Firefox\omni.ja" 6048 "\\.\pipe\gecko-crash-server-pipe.6048" plugin
    MpCmdRun.exe 4340 0.01 3,500 K 7,044 K Microsoft Malware Protection Command Line Utility Microsoft Corporation "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey DA9931F3-8786-78D4-A5E6-2A8949869662 -Reinvoke
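    In the Process Explorer listing above, two svchost.exe instances carry most of the load: PID 688 (-k DcomLaunch) at 17.23% and PID 1040 (-k LocalSystemNetworkRestricted) at 11.86%. Process Explorer shows which services an svchost hosts in the process's properties; the PowerShell script below, added here as an editorial example and not taken from the thread or from any tool mentioned in it, does the same correlation from the command line and adds the two checks a responder makes first: whether each svchost.exe actually runs from %SystemRoot%\System32 and whether it hosts any service at all. It uses Get-WmiObject and the standard Win32_Process, Win32_Service and Win32_PerfFormattedData_PerfProc_Process classes (all present on Windows 7), and assumes an elevated prompt so that every process's command line and image path are readable.

```powershell
# Added example, not from the thread: correlate every svchost.exe with the
# service group on its command line, the services it currently hosts and a
# CPU sample, so a hot instance can be tied to specific services.
# Get-WmiObject is used rather than Get-CimInstance because it exists on
# Windows 7's PowerShell 2.0; run from an elevated prompt.

# CPU sample per process. PercentProcessorTime is a formatted counter summed
# over all logical processors, so it can exceed 100 on a multi-core machine;
# it is a single sample, so rerun the script to confirm a sustained load.
$cpuByPid = @{}
Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -like 'svchost*' } |
    ForEach-Object { $cpuByPid[[int]$_.IDProcess] = [int]$_.PercentProcessorTime }

# Services indexed by the PID of the process hosting them (ProcessId 0 = not running).
$svcByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $svcByPid.ContainsKey($hostPid)) { $svcByPid[$hostPid] = @() }
    $svcByPid[$hostPid] += ('{0} ({1})' -f $_.Name, $_.DisplayName)
}

# The only image path a legitimate svchost.exe should have.
$expectedImage = Join-Path $env:SystemRoot 'System32\svchost.exe'

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    # The "-k <group>" argument names the service group this instance was started for.
    $group  = if ($_.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(no -k group)' }
    $hosted = if ($svcByPid.ContainsKey($procId)) { @($svcByPid[$procId]) } else { @() }
    $cpu    = if ($cpuByPid.ContainsKey($procId)) { $cpuByPid[$procId] } else { 0 }

    # A "svchost.exe" outside System32, or one hosting no service at all, is the
    # instance to examine first; genuine ones satisfy both checks.
    $note = @()
    if ($_.ExecutablePath -and ($_.ExecutablePath -ne $expectedImage)) { $note += 'unexpected image path' }
    if ($hosted.Count -eq 0) { $note += 'hosts no services' }

    New-Object PSObject -Property @{
        PID      = $procId
        Group    = $group
        CpuPct   = $cpu
        Services = ($hosted -join ', ')
        Note     = ($note -join '; ')
    }
} | Sort-Object CpuPct -Descending |
    Select-Object PID, Group, CpuPct, Services, Note |
    Format-Table -AutoSize -Wrap
```

    The table lists the busiest svchost first; the Services column shows what is actually running inside it, which is the information the thread otherwise has to pull from Process Explorer's properties dialog one process at a time. An empty Note column for every row means all instances are the real System32 binary and each is hosting services, so a persistent high CpuPct then points at one of the listed services (or its driver or hardware) rather than at an impostor process.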
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    CPU usage is still very high.
    Combofix removed some infection leftovers but you must be dealing with some other issues (hardware, overheating?).

    Let's see a couple more logs.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    OTL log:

    OTL logfile created on: 09/06/2012 12:05:39 - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.53% Memory free
    3.98 Gb Paging File | 2.86 Gb Available in Paging File | 71.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 48.16 Gb Free Space | 32.31% Space Free | Partition Type: NTFS
    Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ANT | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/09 10:59:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/01/10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/05/23 11:06:14 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/13 17:03:18 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
    MOD - [2012/05/13 16:03:39 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d22418c5321007d35bb4fd24b45b1193\System.Web.Services.ni.dll
    MOD - [2012/05/13 16:02:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
    MOD - [2012/05/13 16:02:15 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
    MOD - [2012/05/13 16:02:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
    MOD - [2012/05/13 16:01:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/05/13 16:01:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
    MOD - [2012/05/13 16:01:00 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/05/13 15:59:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
    MOD - [2012/01/10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012/01/10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012/01/10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
    MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012/01/10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
    MOD - [2012/01/10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
    MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
    MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
    MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
    MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
    MOD - [2012/01/10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
    MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/04 22:02:03 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/18 04:03:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/12/03 17:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/28 23:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/03/04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=bf4
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 C2 24 78 C6 84 CA 01 [binary data]
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\..\SearchScopes,DefaultScope = {ACC53CFC-40E3-4A11-B37C-A049BB58311C}
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\..\SearchScopes\{ACC53CFC-40E3-4A11-B37C-A049BB58311C}: "URL" = http://start.funmoods.com/results.php?f=4&a=bf4&q={searchTerms}
    IE - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "chrome://superstart/content/index.html"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
    FF - prefs.js..extensions.enabledItems: instaclick@leahscape.com:1.7
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.8
    FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
    FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/23 11:07:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2012/02/07 21:43:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/26 12:39:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/17 23:48:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/07 21:44:02 | 000,000,000 | ---D | M]

    [2010/12/16 14:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2012/06/06 09:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cjbv8i71.default\extensions
    [2012/04/17 16:26:42 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cjbv8i71.default\extensions\4f8bedd3e09bf@4f8bedd3e09c0.info
    [2012/06/06 09:00:43 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cjbv8i71.default\extensions\info@djzig.com
    [2012/04/17 17:50:47 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cjbv8i71.default\extensions\superstart@enjoyfreeware.org
    [2012/04/16 19:28:09 | 000,001,797 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cjbv8i71.default\searchplugins\funmoods.xml
    [2012/05/17 23:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/26 12:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2011/11/12 14:44:07 | 000,105,426 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}.XPI
    [2012/01/06 02:25:44 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/02/12 21:18:06 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2011/06/24 12:08:30 | 000,009,468 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\INSTACLICK@LEAHSCAPE.COM.XPI
    [2012/03/26 00:36:20 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/05/22 17:55:33 | 000,088,911 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJBV8I71.DEFAULT\EXTENSIONS\TILETABS@DW-DEV.XPI
    [2012/05/26 12:39:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/05/26 12:39:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/26 12:39:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/08 14:03:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Codecv Class) - {A5175421-7152-44A5-A93F-A8E2C645798D} - C:\ProgramData\Codecv\bhoclass.dll ()
    O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
    O4 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E0CC89-7DEB-4502-B681-550D0F724DC9}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBA32AA8-ABD4-4FD6-879D-E4597CE8FAB2}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/09/17 01:02:45 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/08 14:09:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/08 14:09:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/08 14:09:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
    [2012/06/08 10:45:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/08 10:45:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/08 10:45:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/08 10:32:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/17 17:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/05/17 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/05/17 16:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

    ========== Files - Modified Within 30 Days ==========

    [2012/06/09 12:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/09 10:42:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/08 14:27:01 | 000,009,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/08 14:27:01 | 000,009,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/08 14:18:08 | 1603,035,136 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/08 14:03:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/05/26 12:44:57 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/19 00:21:16 | 000,630,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/19 00:21:16 | 000,111,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/17 23:49:50 | 000,001,994 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/05/13 15:56:53 | 000,317,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/06/08 10:45:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/08 10:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/08 10:45:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/08 10:45:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/08 10:45:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/26 12:44:57 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/17 23:48:37 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2010/10/06 17:08:43 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
    [2010/10/06 16:43:30 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
    [2010/08/27 19:32:42 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/08/13 21:47:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/07/24 21:36:48 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/07/24 21:36:38 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2010/07/24 21:34:30 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

    ========== LOP Check ==========

    [2009/12/29 15:31:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\allTunes
    [2011/03/01 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BatteryBar
    [2011/04/21 21:46:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitLord
    [2009/12/24 18:49:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2010/10/26 16:32:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Design Science
    [2012/06/08 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
    [2011/04/04 12:37:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/10/06 16:44:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Echo Software
    [2011/02/23 12:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
    [2009/12/24 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
    [2010/12/21 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Guitar Pro 6
    [2009/12/25 02:21:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hide IP NG
    [2009/12/24 14:42:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leawo
    [2011/06/30 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NetMeter
    [2012/02/07 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nokia
    [2012/02/07 21:56:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nokia Suite
    [2009/12/29 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
    [2012/02/07 21:54:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
    [2009/12/24 14:43:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCMesh
    [2011/04/21 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Python-Eggs
    [2011/03/31 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rainmeter
    [2010/01/03 00:22:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
    [2012/05/15 12:55:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
    [2011/04/03 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
    [2011/04/25 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Temp
    [2011/09/12 00:30:06 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/28 10:21:49 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/12/25 02:30:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/06/08 14:09:17 | 000,013,907 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/06/08 14:18:08 | 1603,035,136 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/26 16:22:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/26 16:22:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/06/08 14:18:15 | 2137,382,912 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/15 16:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2012/04/16 19:28:19 | 000,000,050 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/25 23:30:58 | 000,000,411 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2012/02/23 12:27:06 | 000,000,221 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/11 20:58:58 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Users\User\Desktop\putty.exe
    [2005/10/01 14:08:48 | 001,974,352 | ---- | M] (None) -- C:\Users\User\Desktop\VisualBoy Advance.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/09 12:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/08 14:18:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2011/09/12 00:30:06 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2011/01/28 10:21:49 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/07/26 23:00:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/07/26 23:00:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/07/26 23:00:31 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/07/26 23:00:31 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/07/26 23:00:30 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 14:59:56 | 000,000,402 | -HS- | M] () -- C:\Users\User\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-05 08:59:28

    < End of report >
  20. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Extras log:

    OTL Extras logfile created on: 09/06/2012 12:05:39 - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\User\Documents\Stuff That Is Completely Irrelevant\Truly Random Crap
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.53% Memory free
    3.98 Gb Paging File | 2.86 Gb Available in Paging File | 71.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 48.16 Gb Free Space | 32.31% Space Free | Partition Type: NTFS
    Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: ANT | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03A02CA9-E9E4-4B24-A45A-CC98C93EC80C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{09964260-768B-40F7-BA3D-0D9B079D5EE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0C67A27A-A491-4DDD-9FF6-934929885A49}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1ACE30CB-C53A-4AC4-9A8C-2E5C71602E1E}" = rport=138 | protocol=17 | dir=out | app=system |
    "{25393B78-6898-46D6-B9AC-B1C10CE456FB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2C286CE1-AB20-48F7-B519-2C11AD9BE966}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{30B65E17-0FCC-4F3B-A431-52D7A7E39668}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{46DF0BF5-9E93-4B96-B0B7-16A0A5715E69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4D703F7A-7B54-4D67-9CEE-797197A40323}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{54591E96-6D31-4A07-B671-B7EAEEBEC520}" = lport=139 | protocol=6 | dir=in | app=system |
    "{71511A14-9B2A-48A8-8E5E-672581EAED3C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{763220B5-A390-4F84-A6DE-9CA43B220486}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7FCD24C0-9EB0-40A6-A4D3-1A952B3BAACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{9ED4F894-7F28-4042-8A7C-3B57468234DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A027DE8F-1EF6-4BA9-9D9A-DC627DAB5544}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A098D58B-9A16-4466-9EA0-BB779642581C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A66E0B69-A460-4312-A7C8-7FA96DA7A7B5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A7582561-A458-479E-A69D-83F89DF567E8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BD4ADD20-29C1-4E7F-B7D7-AF3F2ACE8F7E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D7F09961-4B2B-40AB-B6F5-D7334B882A33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DD5B6EF7-E83D-4BC4-9802-0DCAB43A67B7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{EBF89F03-749C-4754-8FE7-9F291DE06383}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{F650E473-2B00-4D6D-A3BD-4827B12E02F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F6D07A71-2158-46FA-8A24-12C4E6642146}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA5B063E-73B6-4032-A663-646EF692B602}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01DFD7E1-61CE-4602-B9D4-9916845772CE}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{024A8556-5D00-4FF8-88AE-347B7D0CB21A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{02FC6B13-439E-4902-AC12-5EDF88D3F9E7}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{08DF918F-901F-4AF3-89DB-35600CBCA2C2}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "{181F5894-03F7-4D06-9D0A-50D8059B0060}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{23392E34-504C-4EA8-A060-E6B308B4D0F3}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{2AE13805-86FC-4855-899F-6F443FFE279E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2CDF8D99-9E92-40B7-A16D-4C12056D0C7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2D1112D8-7065-4926-9931-F1AEA3344E56}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{3D550C31-FD11-4ADF-AAF1-1AAF13C6FF9E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{49511F6C-C56B-48A1-B134-BE721AD13C5A}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{4D153552-F553-4CC8-BE6D-BCFFACA43E02}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4D567EA5-EAAB-4EE6-B6B5-76B57261417B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4E75A36E-84CA-4DA2-89B0-355DFDBF0CDA}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{505C971E-8EE0-4143-A0BE-211F4EF8056D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{531232D6-E478-4C36-B718-0E4E8FCFE3A4}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
    "{537E248E-407F-48AA-87A0-A6C253E82096}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{56B3E615-B728-43EF-857B-63171B04B455}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{58B98545-B90B-4255-97F6-7C529E8B43C3}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{5AE1BE65-0073-4927-940E-40BDD1B9B2C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{604B9742-24D6-42AC-A7E0-F6CADD648329}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{714945A6-ADB0-4B7D-BAC2-5096803C4FCB}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "{7A3AB074-3DA8-4200-A8E0-D03A2F7C40BE}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
    "{7CD52D24-0744-43D4-8C43-F964B7660B57}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "{7D5544F9-FC5E-44C8-8FA3-CB11100D8DB5}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{7DA1EFAC-FE5A-4D7D-8CDB-BB6A0773D915}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "{7EBF6348-95E5-4096-AFAB-E80B073BA806}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{874E1C3D-8B36-48CE-A5BE-B01EABA5DB5E}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
    "{899D5B79-8167-4FFA-8F99-F85F019AC7D6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{8D3C5D91-B0CE-4B11-AC39-A00BE3233E76}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "{9C62DFC9-553B-4057-994B-8724749C2B0D}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{A8DB8EFF-8E27-4F09-A11B-F53FD05FF1C5}" = protocol=6 | dir=out | app=system |
    "{AF39F8BD-8203-4368-8379-3A1F767B1928}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BB8784EF-2A42-4895-B8A7-6B69767C63F2}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "{BC7B00EB-7209-403C-AD36-2D98E1246C9F}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
    "{BE2EDAAA-C7B4-44F5-B2DF-2922C49B244E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{C34035A4-4831-48DA-A156-6909ED35184D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C7289132-5159-4322-8D92-8ACEB56D3878}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CDC835F8-331D-4929-A10B-4528FEAA88C4}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
    "{D22B4DD0-7045-45FC-818C-5BFDCC0FD84B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4BBC898-E2A5-4C65-B139-BB04F98910C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D84930A5-EE5C-45DE-B520-7EC8A7A9CCA6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{E9391209-8275-468D-8E4D-4D5136706C15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F29E7934-10A0-4189-9005-5912DDE2444C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{F92DC177-95BF-448B-BFA5-4E20B3D07801}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
    "TCP Query User{34943677-C89F-4B1E-BC1E-4686BD16C5CC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{509D0D92-B8B2-4C82-9941-8FE005C0DBE1}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{974B7897-9EF2-4BB7-9D03-C6F9B85931DA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{B213C063-695B-4348-90F7-5C5652D48C1B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{C0DC48F2-F829-426E-8DD3-AAF0FA4A5A4F}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
    "TCP Query User{D14D9DF1-11B9-4C3F-9BBA-4053B369AD2A}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |
    "TCP Query User{FDCF0C5D-1450-4220-AC1A-87ED2DDE2024}C:\program files\maxis\simcity 3000 uk edition\apps\updater\updater.exe" = protocol=6 | dir=in | app=c:\program files\maxis\simcity 3000 uk edition\apps\updater\updater.exe |
    "UDP Query User{50B3DFAD-E171-418D-BE0A-F15E5E993116}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
    "UDP Query User{55844451-34AD-447D-930E-411BB8B3482A}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{5BDE49BD-B0F4-44BF-BE54-308935D4E9EA}C:\program files\maxis\simcity 3000 uk edition\apps\updater\updater.exe" = protocol=17 | dir=in | app=c:\program files\maxis\simcity 3000 uk edition\apps\updater\updater.exe |
    "UDP Query User{A58F874B-382E-4BB0-A45A-D4B086F6EC23}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{E70BA0C4-908E-4EBD-B5C9-3DE73A5574B7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{FA3C8C79-EEA3-490E-B9B8-B46B08B71A42}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |
    "UDP Query User{FAECF377-BA8B-437C-AB6E-12D4DA4A44A5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02DC3C69-02AF-47C2-9B68-AA2A69631CF8}" = DigiTech X-Edit 2.4.1
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{069F290E-8895-452A-B32C-2195FEA5DEB0}" = Webcam Capture
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{1DF91E52-9A42-4BC1-80DC-059ECF9F4DAA}" = Origin8
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
    "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
    "{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
    "{FA4BACCF-0FAE-42F7-902A-FCBA1E716337}" = DigiTech RP150 Drivers
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "allTunes" = allTunes
    "Audacity_is1" = Audacity 1.2.6
    "Audiosurf_is1" = Audiosurf Beta
    "AviSynth" = AviSynth 2.5
    "BatteryBar" = BatteryBar (remove only)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cossacks : Back To War" = Cossacks - Back To War
    "DigiTech RP150 Drivers" = DigiTech RP150 Drivers
    "DSMT6" = MathType 6
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
    "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
    "HammerHead Rhythm Station" = HammerHead Rhythm Station
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "MiKTeX 2.9" = MiKTeX 2.9
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MS Access 97 SP2" = MS Access 97 SP2
    "Nokia Suite" = Nokia Suite
    "PSP Video 9" = PSP Video 9 5.03
    "RealPlayer 12.0" = RealPlayer
    "Shockwave" = Shockwave
    "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
    "SimCity 3000 UK Edition" = SimCity 3000 UK Edition
    "Spotify" = Spotify
    "Steam App 220" = Half-Life 2
    "TVWiz" = Intel(R) TV Wizard
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VirtualCloneDrive" = VirtualCloneDrive
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.9
    "Xming_is1" = Xming 6.9.0.31
    "Your Product Name" = Your Product Name

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2465362997-339490662-2206503341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/05/2012 14:31:30 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:31:36 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:31:38 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:31:46 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:31:53 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:32:01 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:32:07 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:32:13 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:32:13 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 14:32:45 | Computer Name = Ant | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/05/2012 15:17:28 | Computer Name = Ant | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 08/06/2012 05:45:44 | Computer Name = Ant | Source = BROWSER | ID = 8032
    Description =

    Error - 08/06/2012 06:00:48 | Computer Name = Ant | Source = Service Control Manager | ID = 7034
    Description = The XAudioService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 08/06/2012 06:01:28 | Computer Name = Ant | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/06/2012 06:09:27 | Computer Name = Ant | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/06/2012 07:15:19 | Computer Name = Ant | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/06/2012 07:17:00 | Computer Name = Ant | Source = BROWSER | ID = 8032
    Description =

    Error - 08/06/2012 07:22:22 | Computer Name = Ant | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/06/2012 09:03:49 | Computer Name = Ant | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/06/2012 09:16:49 | Computer Name = Ant | Source = DCOM | ID = 10010
    Description =

    Error - 08/06/2012 09:35:30 | Computer Name = Ant | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    OTL logs are clean.

    I suggest you start a new topic in the Windows forum regarding high CPU usage.
     
  22. Ant1508

    Ant1508 TS Rookie Topic Starter Posts: 35

    Cheers, will do
     
