Solved Lots of blue screens

Status
Not open for further replies.

glhglh

Posts: 701   +0
I've tried to follow the virus instructions,

Scan virus' using Symantec, Clean.

Each time I tried TCH, crash.

Malwares: Clean
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/21/2010 11:48:19 PM
mbam-log-2010-08-21 (23-48-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 255471
Time elapsed: 1 hour(s), 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

each time I try to run gmer, the computer crashes
I've tried about 10 times, running as administrator, unchecking devices, all of the above, always a crash.



DSS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by administrator at 22:24:27.53 on Sun 08/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1362 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\PrnPack.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator.HEDRICK\Desktop\Virus Programs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [PrintPack dispatcher] "c:\windows\system32\spool\drivers\w32x86\3\PrnPack.exe" /server
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\raidma~1.lnk - c:\program files\ite\ite it8212 ata raid controller\RaidMgr.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {0f420c1e-9ed6-4da5-8b91-eddde887a1dc} - c:\windows\system32\spool\drivers\w32x86\3\\Print602.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A156A7A7-14A2-4282-B487-8E25AB68D608} - {E2AC7314-3101-4d2b-B4AB-AD381381717F} - c:\windows\system32\Print602.dll
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://gowithcrm.iosourcing.com/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131483673491
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} - hxxp://www.fisbonds.com/fisbonds/schwab/saxfile.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://gowithcrm.webex.com/client/T27L/event/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-11-8 24971]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [1979-12-31 10240]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-3-19 607576]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-30 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-6-30 108392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-18 47640]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-30 1775344]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-11-8 1275584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100822.007\NAVENG.SYS [2010-8-22 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100822.007\NAVEX15.SYS [2010-8-22 1362608]
S2 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec client security\symantec antivirus\smclu\setup\smcinst.exe --> c:\program files\symantec client security\symantec antivirus\smclu\setup\smcinst.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2005-11-8 258560]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-08-21 22:15:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 22:15:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 22:15:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 22:14:01 0 d-----w- c:\documents and settings\administrator.hedrick\Insurance
2010-08-18 20:12:02 423656 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-06-30 22:55:48 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-30 22:55:48 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-30 22:55:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-30 22:55:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 18:24:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 18:24:06 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 18:24:05 87424 ----a-w- c:\windows\system32\LMIinit.dll

============= FINISH: 22:24:59.32 ===============
and other dss attached.

Any ideas about why all the blue screens?
 

Attachments

  • DSS 8-22.txt
    12.2 KB · Views: 0
Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

===============================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Reply

When I started, my daughter said the computer was crashing about 4 to 7 times a day. I assumed blue screen. but it has been freezing up. not blue screen.

following your directions, bluescreenview, nothing happened, blank on top and bottom. nothing to save.

mbrcheck, I tried to run it about 5 times. each time, it froze the computer.

I'll post the combofix.txt file below.
 

Attachments

  • comboFix.txt
    16.9 KB · Views: 2
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt


When done, try to run MBRCheck one more time.
If still problems...

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
results of Combofix and boot kit remover

Here are the results.

just after combofix started, I got a application error.

"pev.exe application error. the instruction @ 0x0050005c reverrenced memory at 0x0050005c could not be read. OK to terminate program cancel to debug"

I cancelled, and combofix continued to run.
 

Attachments

  • ComboFix 8-24.txt
    25.5 KB · Views: 1
  • bootkit_remover_debug_log.txt
    39.7 KB · Views: 3
Bootkit Remover log looks good :)

Combofix log is clean too :)

How is computer doing?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Questions

i'll follow the instructions in a few minutes. just a small question.

did the PEG problem mean there was a problem with the boot record, or a problem with the ram. i put a ram checker on and it is running now, but will be done in a minute.

did the book kit remover remove something?
 
i put a ram checker on and it is running now, but will be done in a minute
My instructions clearly say:
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

There was nothing wrong with your MBR.
 
otl

Sorry, thought because ramtest is pre boot, and just a test, it would not hurt. stopped it.

ran otl. did not get and "extra.txt" file (ran otl twice, only an OTL.txt).

I take it that you want a cut and paste, so here is the log, but because it is so big, i will post it in three sections:

section 1

OTL logfile created on: 8/24/2010 11:38:36 AM - Run 10
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Betty Mc Niel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 467.51 Gb Total Space | 445.77 Gb Free Space | 95.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive S: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS
Drive W: | 465.64 Gb Total Space | 234.91 Gb Free Space | 50.45% Space Free | Partition Type: NTFS

Computer Name: ADB10-05
Current User Name: bettym
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
PRC - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/06/30 15:51:35 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/06/30 15:51:28 | 001,831,928 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/06/30 15:51:28 | 001,447,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/06/30 15:51:22 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/06/09 11:25:01 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/09 11:24:00 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/07/13 12:06:15 | 000,558,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 18:08:58 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/05/03 11:04:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/09/08 12:21:18 | 002,543,616 | ---- | M] (Software602 a.s.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\PrnPack.exe
PRC - [2005/11/15 20:44:14 | 001,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 20:42:22 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/06/10 02:21:01 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/04/12 02:15:29 | 001,383,936 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/06/30 17:59:24 | 000,724,992 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
PRC - [2003/08/01 19:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2000/06/01 09:41:08 | 000,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe


========== Modules (SafeList) ==========

MOD - [2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcLU\Setup\smcinst.exe -- (Smcinst)
SRV - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/06/30 15:51:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/06/30 15:51:28 | 001,831,928 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/06/30 15:51:28 | 000,345,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/06/30 15:51:22 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/06/09 11:25:01 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/13 12:06:15 | 000,558,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/03/19 18:08:58 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/05/03 11:04:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/20 10:54:16 | 000,126,976 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/04/12 11:15:04 | 000,869,376 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003/08/01 19:28:24 | 000,474,624 | ---- | M] (Constantin Kaplinsky) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BETTYM~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/13 17:58:21 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 17:58:21 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100823.050\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/30 15:55:48 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/30 15:51:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/06/30 15:51:40 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/06/30 15:51:40 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/06/30 15:51:40 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/06/30 15:51:32 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/06/30 15:51:08 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/06/09 11:24:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/02/03 02:59:54 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3114r.sys -- (si3114r)
DRV - [2008/11/25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2008/11/25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/11/25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/29 04:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/12 14:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2005/04/12 11:07:50 | 000,099,456 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/04/12 11:07:30 | 000,029,056 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/04/12 02:07:25 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/18 16:21:00 | 000,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/01 11:19:44 | 000,024,971 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [2004/05/26 07:08:00 | 000,007,296 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/05/20 20:47:22 | 000,258,560 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrv8ka51.sys -- (W8100XP)
DRV - [2004/03/17 17:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/09/09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/08/23 15:02:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe (Software602 a.s.)
O4 - HKLM..\Run: [SignIn] C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()
 
otl section 2

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\\Print602.dll ()
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\\Print602.dll ()
O9 - Extra Button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\system32\Print602.dll (Software602 a.s.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: logmein.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([]https in Local intranet)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://gowithcrm.iosourcing.com/Citrix/ICAWEB/en/ica32/wficat.cab (Citrix ICA Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131483673491 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} http://www.fisbonds.com/fisbonds/schwab/saxfile.cab (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.webex.com/client/T27L/event/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/08 10:17:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/24 11:26:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
[2010/08/24 10:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/08/23 14:55:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/23 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/08/23 14:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs 2
[2010/08/23 09:31:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Betty Mc Niel\Recent
[2010/08/23 08:56:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2010/08/22 17:29:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/21 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/18 13:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/18 13:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/28 09:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Betty Mc Niel\Desktop\Archive
[2010/07/28 07:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/30 15:51:48 | 000,107,848 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010/06/30 15:51:47 | 000,049,480 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010/06/30 15:51:46 | 000,042,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2010/06/30 15:51:40 | 000,320,560 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010/06/30 15:51:40 | 000,281,648 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010/06/30 15:51:40 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/06/30 15:51:32 | 000,050,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
[2010/05/27 12:03:22 | 004,169,728 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2010/05/27 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/24 11:26:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\OTL.exe
[2010/08/24 11:23:23 | 000,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/24 11:22:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/24 11:22:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/24 11:21:23 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Betty Mc Niel\NTUSER.DAT
[2010/08/24 11:21:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Betty Mc Niel\ntuser.ini
[2010/08/24 10:12:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/23 19:13:56 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/23 15:02:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/23 14:55:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/23 10:13:32 | 000,021,701 | ---- | M] () -- C:\Data BGM\Portfolio Export.csv
[2010/08/23 09:32:23 | 000,001,836 | ---- | M] () -- C:\Data BGM\cc_20100823_093208.reg
[2010/08/23 09:25:52 | 000,570,390 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/23 09:25:52 | 000,487,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/23 09:25:52 | 000,082,746 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/23 09:08:44 | 000,000,505 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools.lnk
[2010/08/21 14:58:09 | 000,036,994 | ---- | M] () -- C:\Data BGM\cc_20100821_145755.reg
[2010/08/20 13:08:20 | 000,018,033 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\90615783 5.pdf
[2010/08/20 12:34:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/20 07:19:04 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 12:50:59 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\http.doc
[2010/08/13 03:14:06 | 000,370,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/02 08:51:19 | 000,005,127 | ---- | M] () -- C:\Data BGM\Position Export.csv
[2010/07/29 08:37:02 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2010/07/28 07:20:11 | 000,207,644 | ---- | M] () -- C:\Data BGM\cc_20100728_071955.reg
[2010/07/22 12:50:24 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Cash Trading.xls.lnk
[2010/07/22 12:49:39 | 000,001,240 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Tax Trading.xls.lnk
[2010/06/30 15:55:48 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/30 15:55:48 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/30 15:55:48 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/30 15:55:48 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/30 15:55:44 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Symantec Endpoint Protection.lnk
[2010/06/30 15:51:48 | 000,107,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2010/06/30 15:51:47 | 000,049,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2010/06/30 15:51:46 | 000,042,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2010/06/30 15:51:40 | 000,320,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys
[2010/06/30 15:51:40 | 000,281,648 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys
[2010/06/30 15:51:40 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys
[2010/06/30 15:51:40 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010/06/30 15:51:40 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010/06/30 15:51:40 | 000,001,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010/06/30 15:51:40 | 000,001,422 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010/06/30 15:51:39 | 000,007,425 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010/06/30 15:51:39 | 000,001,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010/06/30 15:51:32 | 000,050,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\Teefer2.sys
[2010/06/09 11:24:11 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/06/09 11:24:06 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/06/09 11:24:05 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010/05/28 12:43:59 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Portfolio Export Betty M Daily.xls.lnk
[2010/05/28 12:31:42 | 000,107,520 | ---- | M] () -- C:\Data BGM\Cash balances temp.xls
[2010/05/27 11:59:16 | 000,001,038 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PortfolioCenter.lnk
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
otl section 3

========== Files Created - No Company Name ==========

[2010/08/23 10:47:38 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\WordPad.lnk
[2010/08/23 09:32:09 | 000,001,836 | ---- | C] () -- C:\Data BGM\cc_20100823_093208.reg
[2010/08/23 09:08:44 | 000,000,505 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools.lnk
[2010/08/21 14:57:56 | 000,036,994 | ---- | C] () -- C:\Data BGM\cc_20100821_145755.reg
[2010/08/20 13:08:20 | 000,018,033 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\90615783 5.pdf
[2010/08/18 12:50:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\http.doc
[2010/07/28 07:19:57 | 000,207,644 | ---- | C] () -- C:\Data BGM\cc_20100728_071955.reg
[2010/07/22 12:48:16 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Cash Trading.xls.lnk
[2010/07/22 12:47:00 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\2010 Tax Trading.xls.lnk
[2010/06/30 15:51:40 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.cat
[2010/06/30 15:51:40 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.cat
[2010/06/30 15:51:40 | 000,001,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspl.inf
[2010/06/30 15:51:40 | 000,001,422 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtspx.inf
[2010/06/30 15:51:39 | 000,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.cat
[2010/06/30 15:51:39 | 000,001,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\srtsp.inf
[2010/06/24 03:06:42 | 000,201,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/28 12:43:59 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Portfolio Export Betty M Daily.xls.lnk
[2010/05/28 12:31:42 | 000,107,520 | ---- | C] () -- C:\Data BGM\Cash balances temp.xls
[2010/05/27 11:59:16 | 000,001,038 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PortfolioCenter.lnk
[2010/02/05 16:00:56 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
[2009/12/08 13:35:59 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 13:41:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/01/27 12:39:12 | 000,005,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2007/07/18 12:24:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/06 10:42:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/26 14:10:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/16 14:38:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/03/02 15:41:17 | 000,013,910 | ---- | C] () -- C:\WINDOWS\HYS.INI
[2006/01/20 13:16:29 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\fusioncache.dat
[2005/12/13 19:11:52 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\$_hpcst$.hpc
[2005/11/17 12:20:51 | 000,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
[2005/11/08 16:40:53 | 000,001,230 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.html
[2005/11/08 16:37:56 | 000,030,685 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.log
[2005/11/08 11:52:23 | 000,000,649 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 10:32:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/11/08 10:31:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/11/08 10:31:42 | 000,007,100 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/11/08 10:31:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/26 17:34:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2001/08/10 16:37:54 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/14 09:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/03/18 11:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/01/18 13:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
[2009/06/24 12:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/12 11:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\EPSON
[2009/08/06 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\ICAClient
[2010/08/18 11:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Juniper Networks
[2009/09/11 09:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Quicken WillMaker
[2008/04/18 08:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
[2009/08/06 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\webex
[2010/02/11 12:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Xerox

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/18 11:12:06 | 000,001,024 | ---- | M] () -- C:\.rnd
[2005/11/08 10:17:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/22 18:30:14 | 000,021,162 | ---- | M] () -- C:\AVSCAN-20090922-164912-C8313140.LOG
[2005/12/21 16:20:06 | 000,271,360 | ---- | M] () -- C:\BETTYM.pst
[2009/09/23 12:30:21 | 000,000,282 | ---- | M] () -- C:\Boot.bak
[2010/08/23 14:55:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/24 10:15:21 | 000,026,086 | ---- | M] () -- C:\ComboFix 8-24.txt
[2005/11/08 10:17:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/11/08 10:17:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/11/08 10:17:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/19 07:38:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/24 11:22:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/01/16 11:26:57 | 000,000,096 | ---- | M] () -- C:\pcs.xml
[2005/11/08 16:50:36 | 000,017,590 | ---- | M] () -- C:\PkgClnup.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/06/09 11:24:09 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2010/06/30 15:51:47 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2010/06/30 15:51:48 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/09 04:32:10 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/02 15:39:25 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/02/09 04:32:10 | 033,292,288 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/09 04:32:10 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
You didn't say:
How is computer doing?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.webex.com/client/T...nt/ieatgpc.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2008/04/18 08:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Thank you, it seems to be running OK, but i don't know till my daughter returns

here is the otl runfix log:
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {03A89EFD-E023-A200-A22D-45F77558EB4C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03A89EFD-E023-A200-A22D-45F77558EB4C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03A89EFD-E023-A200-A22D-45F77558EB4C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\WINDOWS\Downloaded Program Files\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\System32\dllcache\SET89.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\SET8A.tmp deleted successfully.
C:\WINDOWS\System32\SET87.tmp deleted successfully.
C:\WINDOWS\System32\SET88.tmp deleted successfully.
C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: administrator.HEDRICK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 615 bytes

User: All Users

User: benjamin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Betty Mc Niel
->Temp folder emptied: 1001261 bytes
->Temporary Internet Files folder emptied: 4370670 bytes
->Java cache emptied: 129485 bytes
->Flash cache emptied: 1330 bytes

User: bettyh

User: bettym
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hannahh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: QBDataServiceUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1776 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 20535 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: Administrator

User: administrator.HEDRICK
->Flash cache emptied: 0 bytes

User: All Users

User: benjamin
->Flash cache emptied: 0 bytes

User: Betty Mc Niel
->Flash cache emptied: 0 bytes

User: bettyh

User: bettym

User: Default User

User: hannahh
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: QBDataServiceUser

User: __sbs_netsetup__

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot]Then click the Run Fix bu> in the current context!

OTL by OldTimer - Version 3.2.10.0 log created on 08242010_185829

Files\Folders moved on Reboot...
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\DWEFQ0MG\msn_com[1].htm moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\DWEFQ0MG\Sync[1].htm moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\ads[2].htm moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\Include[1].htm moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\sh21[1].html moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\Content.IE5\CBD42NH4\topic152193[1].html moved successfully.
C:\Documents and Settings\Betty Mc Niel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

and the security check log:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection Client
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 21
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Betty Mc Niel Desktop Virus Programs 2 SecurityCheck.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

i think i need to start another reply to add anything else.
 
tfc

when i ran the otl run fix a while ago, it hung up on the reboot (before closing). I left it that way for an hour, then manually turned it off and on. the otl log then appeared on opening.

when i ran the tfc, i got the message to reboot, and the computer did the same thing. this time i only waited 15 minutes.

i'll run the kasperov, that will take a couple of hours i think.
 
Kasperov

I ran Kasperov twice, but each time, it just rebooted at the end, with no logs.

is there a place with the log?
 
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

It shouldn't take too long.
 
kaspersky froze computer several times

i tried Kaspersky several times. i could see that there were three items found, then a freeze.

i'm trying the Eset Now.
 
freeze again

last night, i tried several times the eset.

a coupleof times, it froze at 35%. i then ran Housecall online, if found nothing.

tried Eset again this morning, i froze at 87%.

the screen froze while reviewing c:\windows\installer\86a51b1.msp

I googled that msp file, but didn't find anything.

i'l going to try the kaspersky again now.
 
Critical Kaspersky report

I finally got a critical area kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 26, 2010 11:44:19
Records in database: 4156785
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Objects scanned: 55819
Threats found: 2
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 01:47:15


File name / Threat / Threats count
WinVNC.exe\WinVNC.exe/WinVNC.exe\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Program Files\TightVNC\WinVNC.exe/C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Program Files\TightVNC\VNCHOOKS.DLL/C:\Program Files\TightVNC\VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

Selected area has been scanned.

My daughter needs to do some homework, but i'll run the whole computer this afternoon.
 
Another option....this one should be quick...

Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Start scan button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View log.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
bit defender freeze

bitdefender froze three times on the downloading of the latest virus definitions.

the bar showed 100%, but it never went further.

i also tried Kaspersky again this morning, nothing.

so i went further back.

here is a log on the bootkit remover. is there anything here?

.\debug.cpp(238) : Debug log started at 27.08.2010 - 14:33:14
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00228000 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x806ff000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "PCIIde.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\System32\Drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf798b000 0x00002000 "intelide.sys"
.\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf798d000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf74b2000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7637000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf749a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7483000 0x00017000 "si3114r.sys"
.\debug.cpp(256) : 0xf746b000 0x00018000 "\WINDOWS\system32\drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xf7717000 0x00006000 "iteraid.sys"
.\debug.cpp(256) : 0xf7435000 0x00036000 "Si3114r5.sys"
.\debug.cpp(256) : 0xf789b000 0x00003000 "SiWinAcc.sys"
.\debug.cpp(256) : 0xf7647000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7657000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7415000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf7880000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf7853000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf798f000 0x00002000 "SiRemFil.sys"
.\debug.cpp(256) : 0xf7839000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xb9b19000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb93b6000 0x0028a000 "\SystemRoot\system32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xb93a2000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb937a000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb934b000 0x0002f000 "\SystemRoot\system32\DRIVERS\yk51x86.sys"
.\debug.cpp(256) : 0xf7767000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb9327000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf776f000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb9b09000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xf7777000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xb9313000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf79b5000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0xb9af9000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xf777f000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb9ae9000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xba7c0000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb9ad9000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb9ac9000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb9ab9000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb92f0000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb9b98000 0x00008000 "\SystemRoot\System32\DRIVERS\InCDPass.sys"
.\debug.cpp(256) : 0xb9b90000 0x00007000 "\SystemRoot\System32\Drivers\incdrm.SYS"
.\debug.cpp(256) : 0xba538000 0x00001000 "\SystemRoot\system32\DRIVERS\lmimirr.sys"
.\debug.cpp(256) : 0xba537000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb9aa9000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba7b4000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8a13000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba790000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba780000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb9680000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8a02000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba770000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xb9670000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xb9668000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8952000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba760000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xb9660000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xb8934000 0x0001e000 "\SystemRoot\system32\DRIVERS\teefer2.sys"
.\debug.cpp(256) : 0xf79bf000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb88d6000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf7937000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb6525000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xad386000 0x0013b000 "\SystemRoot\system32\drivers\cmudax.sys"
.\debug.cpp(256) : 0xad362000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb6311000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb5543000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf79ed000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb649a000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xa8c18000 0x0004a000 "\SystemRoot\System32\Drivers\SRTSP.SYS"
.\debug.cpp(256) : 0xa8acc000 0x0014c000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.048\NAVEX15.SYS"
.\debug.cpp(256) : 0xa8aa7000 0x00025000 "\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS"
.\debug.cpp(256) : 0xa8a93000 0x00014000 "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.048\NAVENG.SYS"
.\debug.cpp(256) : 0xb6389000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xf7527000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb5dba000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xb6385000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xb5db2000 0x00006000 "\SystemRoot\system32\DRIVERS\point32.sys"
.\debug.cpp(256) : 0xb9a99000 0x0000a000 "\SystemRoot\System32\Drivers\SRTSPX.SYS"
.\debug.cpp(256) : 0xf79b1000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7a99000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf79b3000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xa90c3000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xb7fcb000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xb7fc9000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb5583000 0x00003000 "\SystemRoot\System32\Drivers\InCDrec.SYS"
.\debug.cpp(256) : 0xa8a5a000 0x00019000 "\SystemRoot\System32\Drivers\InCDfs.SYS"
.\debug.cpp(256) : 0xa90bb000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xa8ea3000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xac7a2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa8a47000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa89ee000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb9739000 0x0000e000 "\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys"
.\debug.cpp(256) : 0xa89c6000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa89a4000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xa897e000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb9729000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa8914000 0x0006a000 "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
.\debug.cpp(256) : 0xb96f9000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb96c9000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xa88e9000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa8879000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb79d0000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa881b000 0x0005e000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys"
.\debug.cpp(256) : 0xa87fe000 0x0001d000 "\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"
.\debug.cpp(256) : 0xb9709000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb899e000 0x00004000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
.\debug.cpp(256) : 0xa87c8000 0x00036000 "\SystemRoot\System32\Drivers\dump_Si3114r5.sys"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb8986000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf781f000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xb58e5000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00045000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf057000 0x0007a000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf0d1000 0x0006c000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf13d000 0x0002e000 "\SystemRoot\System32\atiok3x2.dll"
.\debug.cpp(256) : 0xbf16b000 0x002fd000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf468000 0x00186000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa6588000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa63bb000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xf79e1000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xf79a1000 0x00002000 "\??\C:\WINDOWS\system32\drivers\EIO.sys"
.\debug.cpp(256) : 0xb7fbf000 0x00002000 "\??\C:\Program Files\LogMeIn\x86\RaInfo.sys"
.\debug.cpp(256) : 0xa62ec000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xf76e7000 0x0000a000 "\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys"
.\debug.cpp(256) : 0xa6275000 0x00027000 "\??\C:\WINDOWS\system32\drivers\WpsHelper.sys"
.\debug.cpp(256) : 0xa60b5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa5f42000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa5d71000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf77a7000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
.\debug.cpp(256) : 0xa2f38000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0xa0f9a000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Scsi\iteraid1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfs"
.\debug.cpp(400) : Destination="\DosDevices\BsUDF"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_80A61043&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SymEvent"
.\debug.cpp(400) : Destination="\Device\SymEvent"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Teefer2"
.\debug.cpp(400) : Destination="\Device\Teefer2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#4&2d2d400&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000039"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) : Destination="\Device\ATKACPI"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination="\Device\Scsi\Si3114r51"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col01#6&105281ca&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84DC4018-F68A-4017-A998-6E9539BF2003}"
.\debug.cpp(400) : Destination="\Device\{84DC4018-F68A-4017-A998-6E9539BF2003}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsCommunicationDevice"
.\debug.cpp(400) : Destination="\Device\LMIRFS\Communication"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_80A61043&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2939380C-DC92-44FC-A481-7985B745FF56}"
.\debug.cpp(400) : Destination="\Device\{2939380C-DC92-44FC-A481-7985B745FF56}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2d2d400&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f014-f69b-11dd-af99-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\POINT32FILTER"
.\debug.cpp(400) : Destination="\Device\Point32Filter"

this will take two or three.
 
#2

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f016-f69b-11dd-af99-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{98191838-ce21-11da-af2f-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD770D770Offset7E00Length74E0DD4E00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{50894BD2-4719-42B0-B21F-241749E8170D}"
.\debug.cpp(400) : Destination="\Device\{50894BD2-4719-42B0-B21F-241749E8170D}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BBDRVCHANNEL"
.\debug.cpp(400) : Destination="\Device\BBDrvDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_045e&Pid_008c#5&3ad6b64d&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVEX15"
.\debug.cpp(400) : Destination="\Device\NAVEX15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{83FA092B-3CCB-4364-A9AA-B84CD95C3634}"
.\debug.cpp(400) : Destination="\Device\{83FA092B-3CCB-4364-A9AA-B84CD95C3634}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCD_PSEUDO_DEVICE"
.\debug.cpp(400) : Destination="\Device\INCD_PSEUDO_DEVICE"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&17adc842&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5B60&SUBSYS_002A1043&REV_00#4&37ad8b77&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : Device "\GLOBAL??\BsUDF"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserCtrlDrv"
.\debug.cpp(400) : Destination="\Device\EraserCtrlDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrvI10"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1283&DEV_8212&SUBSYS_813A1043&REV_13#4&23c0b1c&0&20F0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0017"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col03#6&105281ca&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B82FB3A8-25CE-4154-9F75-B8C1E61AFB0E}"
.\debug.cpp(400) : Destination="\Device\{B82FB3A8-25CE-4154-9F75-B8C1E61AFB0E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a9f41a2c-4f9e-11da-8cc1-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ff6f7dc2-5030-11da-ba9d-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_80A61043&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NAVENG"
.\debug.cpp(400) : Destination="\Device\NAVENG"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSPX"
.\debug.cpp(400) : Destination="\Device\SRTSPX"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AEE21A7F-8945-4954-AE4B-898EFC3010C7}"
.\debug.cpp(400) : Destination="\Device\{AEE21A7F-8945-4954-AE4B-898EFC3010C7}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1006d8fa&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpsHelper"
.\debug.cpp(400) : Destination="\Device\WpsHelper"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col02#6&105281ca&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIInfo"
.\debug.cpp(400) : Destination="\Device\LMIInfo"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\InCDfsComm"
.\debug.cpp(400) : Destination="\Device\InCDfsComm"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination="\Device\ARP1394"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&28e3d985&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D5D4EF17-8250-46EE-9ACE-DE91B2CC622A}"
.\debug.cpp(400) : Destination="\Device\{D5D4EF17-8250-46EE-9ACE-DE91B2CC622A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WPS"
.\debug.cpp(400) : Destination="\Device\WPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MrwR00000000"
.\debug.cpp(400) : Destination="\Device\MrwR00000000"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&2b61a575&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000038"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#8dacf11d800#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_434D&DEV_4980&SUBSYS_813D1043&REV_0900#4&3ab10393&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination="\Device\Floppy0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6D6098ED-C9D0-46DE-9CDB-6480B49973F1}"
.\debug.cpp(400) : Destination="\Device\{6D6098ED-C9D0-46DE-9CDB-6480B49973F1}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_008c&Col01#6&105281ca&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000007b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_80A61043&REV_03#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&559926a&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\FloppyPDO0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSONY_CD-RW__CRX320EE____________________RYK4____#3032353032313930303031303738353620202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilDrv11010"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23e7fcf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4362&SUBSYS_81421043&REV_15#4&2065177b&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LMIRfsDevice"
.\debug.cpp(400) : Destination="\Device\LMIRFS\Control"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\NamedPipe\Spooler\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EIO"
.\debug.cpp(400) : Destination="\Device\EIO"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INCDPASS_REAL_DEVICE00000000"
.\debug.cpp(400) : Destination="\Device\INCDPASS_REAL_DEVICE00000000"

one more
 
#3

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1095&DEV_3114&SUBSYS_81361043&REV_02#4&23c0b1c&0&28F0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SRTSP"
.\debug.cpp(400) : Destination="\Device\SRTSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_SiImage&Prod_&Rev_0000#5&23d7da25&0&0100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Scsi\Si3114r51Port4Path0Target10Lun0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_5B70&SUBSYS_002B1043&REV_00#4&37ad8b77&0&0108#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{e8d7f015-f69b-11dd-af99-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYMC_TEEFER2MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000045"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_8023&SUBSYS_808B1043&REV_00#4&23c0b1c&0&18F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NONSPOOLED_LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2b857f1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{96569E7B-B3A1-45E3-B293-A9C0906EC098}"
.\debug.cpp(400) : Destination="\Device\{96569E7B-B3A1-45E3-B293-A9C0906EC098}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CD604AB4-117D-4A58-86D1-A43DFCB95466}"
.\debug.cpp(400) : Destination="\Device\{CD604AB4-117D-4A58-86D1-A43DFCB95466}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EraserUtilRebootDrv"
.\debug.cpp(400) : Destination="\Device\EraserUtilDrv11010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_80A61043&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 467 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;
 
Status
Not open for further replies.
Back