Active IExplorer Button Not Functioning...

Discussion in 'Malware and Virus Removal Archive' started by CALBEAR, 2010/12/28.

  1. 2010/12/29
    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    EXTRAS.TXT

    OTL Extras logfile created on: 12/29/2010 1:59:45 AM - Run 1
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\BIG T\Desktop\New Folder
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.04 Gb Total Space | 253.21 Gb Free Space | 88.21% Space Free | Partition Type: NTFS
    Drive D: | 11.05 Gb Total Space | 1.85 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

    Computer Name: CALBEAR | User Name: BIG T | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %* File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05C92950-C213-4552-83C6-B71BA879DE74}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{26082E08-7007-4B97-BCB8-1C9DC6289198}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
    "{2800DE66-89B4-448C-B0E0-52658C79FBD3}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
    "{465135B1-89BF-4915-8188-58BCD160FC3C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{56F76C1E-6622-483B-9298-24216C51FB1A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{5D273B4A-6369-48FE-ABE4-041D19DB3892}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{648D65E1-6174-4736-9B76-6F6C1641507E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{7B25D8EE-FE40-4E04-A2C8-41F8B495CBFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{987FA345-0523-444E-B387-6B6DBDC14D67}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{A187590B-A495-48EB-8D28-F7169424F61A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{ADB7E5CE-3251-47E7-A9A4-5F4BC9CAAE8C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{B20A3569-C09B-4D62-B645-7677D7357EDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{D50A8C7B-36B7-482B-9DA0-7F0514399F57}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
    "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
    "{4B8FFD98-90DC-44E4-AFE4-3DB92A406DD4}" = CREDANT EMS 64-bit
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
    "{BB9B16B0-442F-46c6-92EF-8E7F30A66F92}" = PANTECH UM175AL Driver
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "COMODO Internet Security" = COMODO Internet Security
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{1ACA994D-3EF6-45E8-9206-19B599BEE31B}" = HP RC Mirror Driver
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{22712FAD-DE04-4D50-82A6-3C7AC5D55AA2}" = HP User Guides 0101
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
    "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
    "{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E1A3C3BD-746E-46DE-91E4-658F1F94B956}" = Brother HL-2040
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "avast!" = avast! Antivirus
    "FanDraft Football 2009_is1" = FanDraft Football v9.26
    "FanDraft Football 2010_is1" = FanDraft Football v10.19(c)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "vShare" = vShare Plugin
    "WildTangent hp Master Uninstall" = My HP Games
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/13/2010 10:39:19 PM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZN3VW5M\300x250[3].swf
    failed, 00000005.

    Error - 11/15/2010 8:30:40 PM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\BIG T\AppData\LocalLow\Apple Computer\QuickTime\downloads\13\01\d1c44259-512bb7f5-d38338e1-bfbd6fd4.qtch
    failed, 00000005.

    Error - 11/29/2010 1:47:12 PM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXDNY1V8\videoplayback[1]
    failed, 00000005.

    Error - 11/29/2010 1:47:12 PM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPNUEG1D\294__27__315467__prdmw1w3a5a4845b5c6[2].flv
    failed, 00000005.

    Error - 12/28/2010 6:31:20 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    Error - 12/28/2010 6:32:27 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    Error - 12/28/2010 6:34:50 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    Error - 12/28/2010 7:08:09 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    Error - 12/28/2010 7:09:26 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    Error - 12/28/2010 7:12:37 AM | Computer Name = CALBEAR | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso failed, 00000084.


    [ Application Events ]
    Error - 12/18/2010 3:26:41 AM | Computer Name = CALBEAR | Source = Windows Search Service | ID = 3013
    Description =

    Error - 12/18/2010 3:37:08 AM | Computer Name = CALBEAR | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/19/2010 3:37:44 AM | Computer Name = CALBEAR | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/20/2010 3:38:11 AM | Computer Name = CALBEAR | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/20/2010 2:29:39 PM | Computer Name = CALBEAR | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_Eventlog, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module stapo64.dll, version 1.0.6209.0, time stamp
    0x4a26e38c, exception code 0xc0000005, fault offset 0x000000000012d3cc, process
    id 0x16e0, application start time 0x01cb9a8bb0b8e4f0.

    Error - 12/20/2010 11:50:25 PM | Computer Name = CALBEAR | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_Eventlog, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module stapo64.dll, version 1.0.6209.0, time stamp
    0x4a26e38c, exception code 0xc0000005, fault offset 0x000000000012d3cc, process
    id 0x18bc, application start time 0x01cba0740cf340b0.

    Error - 12/21/2010 12:21:58 AM | Computer Name = CALBEAR | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.18975 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1530 Start Time: 01cb9818ab6f4bd0 Termination Time: 429

    Error - 12/21/2010 12:26:43 AM | Computer Name = CALBEAR | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
    0x4c8710a6, faulting module mshtml.dll, version 8.0.6001.18975, time stamp 0x4c87263d,
    exception code 0xc0000005, fault offset 0x000ec3c5, process id 0x256c, application
    start time 0x01cba0c6c58946e0.

    Error - 12/21/2010 11:20:03 AM | Computer Name = CALBEAR | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 12/21/2010 7:28:43 PM | Computer Name = CALBEAR | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp
    0x4c8710a6, faulting module mshtml.dll, version 8.0.6001.18975, time stamp 0x4c87263d,
    exception code 0xc0000005, fault offset 0x000ec3c5, process id 0x2034, application
    start time 0x01cba0c6c491b7e0.

    [ System Events ]
    Error - 9/24/2010 11:09:15 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/24/2010 11:09:49 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7022
    Description =

    Error - 9/24/2010 11:09:49 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/3/2010 5:33:59 PM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7011
    Description =

    Error - 10/4/2010 12:32:03 AM | Computer Name = CALBEAR | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:28:15 AM on 10/4/2010 was unexpected.

    Error - 10/4/2010 12:32:11 AM | Computer Name = CALBEAR | Source = HTTP | ID = 15016
    Description =

    Error - 10/4/2010 12:33:40 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/4/2010 12:33:40 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/4/2010 12:34:24 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/4/2010 12:34:42 AM | Computer Name = CALBEAR | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >
     
  2. 2010/12/29
    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Are we going to fix the MBR?

    =

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ====

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     

  4. 2010/12/29
    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    So, I would be fixing the problem but losing the ability to do a system restore? I did not receive any type of install disks with the computer; would it be a huge problem to do a restore if I had a crash?
     
  5. 2010/12/29
    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    You will not lose system restore. You will lose the ability to restore the lappie to factory settings.
    What I would suggest doing is backup all your important files and launch the factory reset so that you can have a fresh start with the lappie.
    The other way is to repair the MBR, probably lose the ability to restore factory settings and maybe still not have a fully functioning lappie.
    There are never guarantees that removing malware will fix a PC 100%. With Vista I have found that it is even more difficult.
     
  6. 2010/12/29
    CALBEAR Inactive Thread Starter

    Joined:
    2010/12/28
    Messages:
    42
    Likes Received:
    0
    RunFix Log

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: BIG T
    ->Flash cache emptied: 135743 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: BIG T
    ->Temp folder emptied: 366569819 bytes
    ->Temporary Internet Files folder emptied: 49098599 bytes
    ->Java cache emptied: 173429 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 2287216 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32193725 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 4736051 bytes

    Total Files Cleaned = 434.00 mb

    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.18.0 log created on 12292010_194253

    Files\Folders moved on Reboot...
    C:\Users\BIG T\AppData\Local\Temp\ehmsas.txt moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USQXIBTG\default[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USQXIBTG\InboxLight[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PQ89JKAS\Messenger[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N191JRQL\audmeasure[1].gif moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N191JRQL\data_sync[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N191JRQL\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N191JRQL\xmlProxy[2].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8MKMAB4\LocalStorage[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\97017-active-iexplorer-button-not-functioning-2[1].html moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\ads[2].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\iframescript[2].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\pid=MSN_Hotmail_WLMUS8_160X600_LF_AdEcn[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\pixel[3].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\87C72GQO\xmlProxy[2].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N4ZMHLF\01[1].htm moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N4ZMHLF\audmeasure[1].gif moved successfully.
    C:\Users\BIG T\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N4ZMHLF\p-01-0VIaSjnOLg[1].gif moved successfully.
    File move failed. C:\Windows\SysNative\SET20F0.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SET2132.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SET852C.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SET85BC.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\SET876B.tmp scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    QuickScan OTL.Txt Log

    OTL logfile created on: 12/29/2010 7:55:12 PM - Run 2
    OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\BIG T\Desktop\New Folder
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.04 Gb Total Space | 249.61 Gb Free Space | 86.96% Space Free | Partition Type: NTFS
    Drive D: | 11.05 Gb Total Space | 1.85 Gb Free Space | 16.75% Space Free | Partition Type: NTFS

    Computer Name: CALBEAR | User Name: BIG T | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/29 01:19:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\BIG T\Desktop\New Folder\OTL.exe
    PRC - [2010/07/06 11:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    PRC - [2009/11/24 17:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2008/04/25 18:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
    PRC - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
    PRC - [2007/05/15 18:13:10 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/29 01:19:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\BIG T\Desktop\New Folder\OTL.exe
    MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
    MOD - [2008/10/31 16:10:16 | 000,143,096 | ---- | M] () -- C:\Windows\SysWOW64\guard32.dll
    MOD - [2008/01/20 21:50:31 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV:64bit: - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV:64bit: - [2009/07/31 09:37:34 | 001,429,352 | ---- | M] () [Unknown | Running] -- C:\Windows\SysNative\EmsService.exe -- (EMS)
    SRV:64bit: - [2009/06/03 19:43:18 | 000,239,104 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/10/31 16:10:16 | 000,884,984 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/04/25 18:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/08 11:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
    SRV - [2008/01/08 11:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/11/24 17:50:05 | 000,022,096 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/24 17:49:56 | 000,065,616 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/07/31 09:42:30 | 000,338,544 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CMGShCEF.sys -- (CmgShieldCEF)
    DRV:64bit: - [2009/06/03 19:43:18 | 000,486,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
    DRV:64bit: - [2008/11/21 21:05:22 | 001,253,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/11/17 14:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/10/09 09:17:06 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rcmirror.sys -- (rcmirror)
    DRV:64bit: - [2008/07/20 15:31:36 | 000,084,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLWWAN.sys -- (PTDLWWAN)
    DRV:64bit: - [2008/07/20 15:31:34 | 000,066,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLVsp.sys -- (PTDLVsp)
    DRV:64bit: - [2008/07/20 15:31:32 | 000,070,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLMdm.sys -- (PTDLMdm)
    DRV:64bit: - [2008/07/20 15:31:30 | 000,066,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTDLBus.sys -- (PTDLBus)
    DRV:64bit: - [2008/07/17 11:38:16 | 000,143,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008/06/12 13:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/06/04 12:55:16 | 000,129,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2008/04/15 05:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/01/31 18:23:14 | 000,195,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/01/20 21:46:57 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
    DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
    DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/09 11:42:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/10 12:27:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/10 12:28:17 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/12/29 19:46:50 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
    O4:64bit: - HKLM..\Run: [EmsService] C:\Windows\SysNative\EmsServiceHelper.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\BIG T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll ()
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{257cb6fd-bcb2-11de-aa6a-001eec8b5b86}\Shell\access\command - " " = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
    O33 - MountPoints2\{257cb6fd-bcb2-11de-aa6a-001eec8b5b86}\Shell\AutoRun\command - " " = F:\_Encryption_Data_Do_Not_Delete_\autorun.exe -- File not found
    O33 - MountPoints2\{360f5567-a37e-11dd-8209-001eec8b5b86}\Shell - " " = AutoRun
    O33 - MountPoints2\{360f5567-a37e-11dd-8209-001eec8b5b86}\Shell\AutoRun\command - " " = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{360f5646-a37e-11dd-8209-001eec8b5b86}\Shell - " " = AutoRun
    O33 - MountPoints2\{360f5646-a37e-11dd-8209-001eec8b5b86}\Shell\AutoRun\command - " " = F:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/29 19:42:53 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/29 19:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010/12/29 18:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/12/29 00:03:58 | 000,000,000 | ---D | C] -- C:\Users\BIG T\AppData\Roaming\Malwarebytes
    [2010/12/29 00:03:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/29 00:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/29 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/12/28 08:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/12/27 21:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010/12/19 23:33:13 | 000,000,000 | ---D | C] -- C:\Users\BIG T\AppData\Roaming\iScreensaver
    [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/29 19:54:54 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/29 19:54:53 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/29 19:54:53 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/29 19:51:45 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2010/12/29 19:51:43 | 000,002,329 | ---- | M] () -- C:\Users\BIG T\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/12/29 19:50:09 | 000,000,260 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2010/12/29 19:48:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/29 19:48:06 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/29 19:47:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/29 19:47:56 | 4257,173,504 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/29 19:47:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/12/29 19:27:59 | 000,189,728 | ---- | M] () -- C:\Windows\SysNative\javaws.exe
    [2010/12/29 19:27:59 | 000,171,808 | ---- | M] () -- C:\Windows\SysNative\javaw.exe
    [2010/12/29 19:27:59 | 000,171,808 | ---- | M] () -- C:\Windows\SysNative\java.exe
    [2010/12/29 19:27:58 | 000,521,448 | ---- | M] () -- C:\Windows\SysNative\deployJava1.dll
    [2010/12/29 00:05:17 | 000,000,732 | ---- | M] () -- C:\Users\BIG T\AppData\Local\d3d9caps64.dat
    [2010/12/28 23:42:28 | 000,000,249 | ---- | M] () -- C:\Windows\Brownie.ini
    [2010/12/28 20:29:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\QuickConnectSupportTask.job
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 23:31:59 | 000,048,640 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSResPlugin3542.dll
    [2010/12/19 23:31:59 | 000,036,352 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSFolderitemsPlugin3542.dll
    [2010/12/19 23:31:58 | 000,030,720 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSMemoryPlugin3542.dll
    [2010/12/19 23:31:57 | 000,044,032 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSMainPlugin3542.dll
    [2010/12/19 23:31:55 | 000,025,600 | -H-- | M] () -- C:\Users\BIG T\AppData\Roaming\MBSVersionPlugin3581.dll
    [2010/12/07 16:58:26 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/07 16:50:58 | 000,308,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/29 19:28:10 | 000,521,448 | ---- | C] () -- C:\Windows\SysNative\deployJava1.dll
    [2010/12/29 19:28:10 | 000,189,728 | ---- | C] () -- C:\Windows\SysNative\javaws.exe
    [2010/12/29 19:28:10 | 000,171,808 | ---- | C] () -- C:\Windows\SysNative\javaw.exe
    [2010/12/29 19:28:10 | 000,171,808 | ---- | C] () -- C:\Windows\SysNative\java.exe
    [2010/12/29 13:31:40 | 4257,173,504 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/29 00:05:17 | 000,000,732 | ---- | C] () -- C:\Users\BIG T\AppData\Local\d3d9caps64.dat
    [2010/12/29 00:03:15 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 23:31:59 | 000,036,352 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSFolderitemsPlugin3542.dll
    [2010/12/19 23:31:58 | 000,048,640 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSResPlugin3542.dll
    [2010/12/19 23:31:58 | 000,030,720 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSMemoryPlugin3542.dll
    [2010/12/19 23:31:57 | 000,044,032 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSMainPlugin3542.dll
    [2010/12/19 23:31:55 | 000,025,600 | -H-- | C] () -- C:\Users\BIG T\AppData\Roaming\MBSVersionPlugin3581.dll
    [2010/12/07 16:57:56 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/07 16:19:59 | 000,316,416 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
    [2010/12/07 15:51:27 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/12/07 15:50:22 | 002,751,488 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/12/07 15:50:12 | 000,461,824 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/12/07 15:50:11 | 000,179,712 | ---- | C] () -- C:\Windows\SysNative\srvsvc.dll
    [2010/12/07 15:50:11 | 000,175,104 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/12/07 15:50:11 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
    [2010/12/07 15:50:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\sscore.dll
    [2010/12/07 15:50:09 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
    [2010/12/07 15:49:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
    [2010/12/07 15:49:22 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2010/12/07 15:48:57 | 009,257,472 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/12/07 15:48:55 | 012,474,368 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/12/07 15:48:50 | 001,486,848 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/12/07 15:48:50 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/12/07 15:48:50 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
    [2010/12/07 15:48:49 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/12/07 15:48:49 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
    [2010/12/07 15:48:47 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
    [2010/12/07 15:48:45 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/12/07 15:48:45 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/12/07 15:48:44 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/12/07 15:48:44 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/12/07 15:48:43 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/12/07 15:48:43 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/12/07 15:48:42 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/12/07 15:48:42 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/12/07 15:48:42 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/12/07 15:48:41 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/12/07 15:48:41 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/12/07 15:48:38 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/12/07 15:48:38 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/12/07 15:48:35 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/12/07 15:48:35 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/12/07 15:48:34 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/12/07 15:48:04 | 013,425,152 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
    [2010/12/07 15:47:28 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
    [2010/12/07 15:45:52 | 001,923,584 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
    [2010/12/07 15:45:45 | 000,633,856 | ---- | C] () -- C:\Windows\SysNative\comctl32.dll
    [2010/12/07 15:45:41 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
    [2010/12/07 15:45:38 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/12/07 15:45:34 | 000,189,952 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
    [2010/12/07 15:45:14 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
    [2010/12/07 15:44:35 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/12/07 15:44:30 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
    [2010/12/07 15:44:27 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/12/07 15:33:49 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/12/07 15:30:21 | 001,090,048 | ---- | C] () -- C:\Windows\SysNative\wmpmde.dll
    [2010/09/02 13:18:58 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/09/02 13:18:49 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
    [2010/09/02 13:18:49 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
    [2010/09/02 13:18:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
    [2010/09/02 13:18:47 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2040.INI
    [2010/09/02 13:16:51 | 000,000,249 | ---- | C] () -- C:\Windows\Brownie.ini
    [2010/07/02 02:04:59 | 000,000,036 | ---- | C] () -- C:\Users\BIG T\AppData\Local\housecall.guid.cache
    [2010/04/10 00:16:43 | 000,003,584 | ---- | C] () -- C:\Users\BIG T\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/16 15:32:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Jazz Kit
    [2009/11/16 15:32:37 | 000,000,268 | RH-- | C] () -- C:\Users\BIG T\AppData\Roaming\Internet Plug-Ins
    [2009/11/16 15:32:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2009/08/28 17:34:23 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\FnF4.txt
    [2009/08/28 16:38:27 | 000,006,002 | ---- | C] () -- C:\ProgramData\fandraft_template.xml
    [2008/10/31 16:10:17 | 000,143,096 | ---- | C] () -- C:\Windows\SysWow64\guard32.dll
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\QSwitch.txt
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\DSwitch.txt
    [2008/10/26 10:40:21 | 000,000,000 | ---- | C] () -- C:\Users\BIG T\AppData\Local\AtStart.txt
    [2008/06/25 03:40:39 | 000,000,731 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/01/14 15:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll

    ========== LOP Check ==========

    [2010/07/03 11:03:29 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Amazon
    [2010/12/19 23:33:13 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\iScreensaver
    [2009/11/16 15:34:35 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Nikon
    [2010/07/01 03:13:22 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\ofugwrlsl
    [2008/10/26 13:33:58 | 000,000,000 | ---D | M] -- C:\Users\BIG T\AppData\Roaming\Smith Micro
    [2010/12/28 20:29:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\QuickConnectSupportTask.job
    [2010/12/29 19:47:06 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  7. 2010/12/29
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Users\BIG T\AppData\Roaming\ofugwrlsl
      
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==

    What do you think of my earlier suggestion?
     
  8. 2010/12/29
    CALBEAR

    Think I will take your advice and skip the MBR fix for now.

    With regards to the next OTL/RunFix...I ran the fix but did not reboot. Notepad opened with the log, and I immediately got an alarm on COMODO Firewall with the following two messages:

    1...Notepad is trying to instal global hook dwmapi.dll This could be malware or a program used for keylogging, screen capturing, or controlling legitimate programs.

    2...Notepad.exe is trying to access explorer.exe in memory security considerations. This could be malware.

    I hit the BLOCK REQUEST key...

    Here is the log that was run (without a reboot):

    ========== FILES ==========
    C:\Users\BIG T\AppData\Roaming\ofugwrlsl folder moved successfully.
    File\Folder [Reboot] not found.

    OTL by OldTimer - Version 3.2.18.0 log created on 12292010_211203

    Awaiting further instruction...
     
  9. 2010/12/29
    crunchie

    If the MBR is not repaired one way or another, you will continue to have problems. Browser hijacks/re-directs are a symptom of that.

    Looks like that folder got removed OK.

    What symptoms still exist now?
     
  10. 2010/12/29
    CALBEAR

    Heh..Heh...Guess I'm still confused about the MBR?

    Could you comment on the Firewall alerts I listed...Are they safe to allow?

    Everything seems to be back to normal. Able to access all programs, files, perform downloads, and system checks.
     
  11. 2010/12/29
    crunchie

    dwmapi.dll is a legit file on Vista. If you only got the alert from running that script in OTL, I would not worry.
    Only thing you need worry about is the MBR.
     
  12. 2010/12/29
    CALBEAR

    So even a System restore, to the original factory settings may not take care of the MBR? Guess we need to knock that Bad-Boy out then...Let's do it!
     
  13. 2010/12/29
    crunchie

    Ok.


    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE).
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  14. 2010/12/29
    CALBEAR

    Sorry Disregard.
     
    Last edited: 2010/12/30
  15. 2010/12/30
    CALBEAR

    -Burned Disk
    -Set Computer to Boot from disk first

    Following Error:

    "Can't open CD Driver CDRCACH
    SHSUCDX Can't Install

    ERRROR: Failure loading; unable to find CD-ROM Drive!
    ERROR: Please reboot
     
  16. 2010/12/30
    crunchie

    Not sure what is going on there :(. Sounds like there is some sort of driver issue there.

    Try this instead:

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. 2010/12/30
    CALBEAR

    BootKit Log Part 1 of 2

    .\debug.cpp(238) : Debug log started at 30.12.2010 - 07:13:45
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 64-bit
     
  18. 2010/12/30
    CALBEAR

    BootKit Log Part 2 of 2

    .\debug.cpp(400) : Destination "\Device\USBPDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_30F7103C&REV_07#3&e89b380&0&10#{1ca05180-a699-450a-9a0c-de4fbe3ddd89} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000076 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#DISPLAY#0001#{5b45201d-f2f2-4f3b-85bb-30ff1f953599} "
    .\debug.cpp(400) : Destination "\Device\00000007 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{68DB6E38-B6DA-46E4-814B-FA031D72C0A2} "
    .\debug.cpp(400) : Destination "\Device\NDMP14 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NT_INSPECTMP#0001#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000065 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&b6abd8f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth "
    .\debug.cpp(400) : Destination "\Device\PEAuth "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice "
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{73303DA7-21E2-4E88-8C12-62E7E2C1C126} "
    .\debug.cpp(400) : Destination "\Device\NDMP2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_30F7103C&REV_03#3&e89b380&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A01C08D3-0C31-46C4-9D8D-86AA3AE783D5} "
    .\debug.cpp(400) : Destination "\Device\NDMP12 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems HDA Modem "
    .\debug.cpp(400) : Destination "\Device\000000a4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&2ca905b1&0&0201#{86841137-ed8e-4d97-9975-f2ed56b4430e} "
    .\debug.cpp(400) : Destination "\Device\000000a5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6 "
    .\debug.cpp(400) : Destination "\Device\Video5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK3252GSX_______________________LV011C__#5&33b1dbe4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00#4&37ba8cc&0&00E4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_30F7103C&REV_03#3&e89b380&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2 "
    .\debug.cpp(400) : Destination "\Device\Video1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP "
    .\debug.cpp(400) : Destination "\Device\NDMP8 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{686F09FA-C184-410F-82E1-68E569F89A45} "
    .\debug.cpp(400) : Destination "\Device\NDMP18 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1fac0c02&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC "
    .\debug.cpp(400) : Destination "\Device\Mup "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&19cb71af&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp "
    .\debug.cpp(400) : Destination "\Device\Tcp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_30F7103C&REV_07#3&e89b380&0&10#{e6dfdc31-31d0-46ac-86af-da1eb05fc599} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice "
    .\debug.cpp(400) : Destination "\Device\SpDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD "
    .\debug.cpp(400) : Destination "\Device\0000009c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NT_INSPECTMP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000069 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN "
    .\debug.cpp(400) : Destination "\DosDevices\LPT1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp "
    .\debug.cpp(400) : Destination "\Device\WANARP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#4#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\00000081 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery "
    .\debug.cpp(400) : Destination "\Device\CompositeBattery "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface "
    .\debug.cpp(400) : Destination "\Device\AGRSM_xface "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR "
    .\debug.cpp(400) : Destination "\Device\ASWRDR "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col03#2&d6067ab&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000ae "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b9900a5c-a3a9-11dd-afee-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0014#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#NT_INSPECTMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000068 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\0000006a "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CMGShieldCEF "
    .\debug.cpp(400) : Destination "\Device\CMGShieldCEF "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col01#2&d6067ab&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000ac "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b9900a5d-a3a9-11dd-afee-806e6f6e6963} "
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager "
    .\debug.cpp(400) : Destination "\Device\MountPointManager "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice "
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\0000005d "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D2AE8352-ECE3-45F7-A112-4A71580C824F} "
    .\debug.cpp(400) : Destination "\Device\NDMP10 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000061 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col07#2&d6067ab&0&0006#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\000000b2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col05#2&d6067ab&0&0004#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000b0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar "
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global "
    .\debug.cpp(400) : Destination "\GLOBAL?? "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_30F7103C&REV_03#3&e89b380&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000005e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\0000005f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3938dc2b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY7 "
    .\debug.cpp(400) : Destination "\Device\Video6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3 "
    .\debug.cpp(400) : Destination "\Device\Video2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C137E&REV_1002#4&2ca905b1&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4} "
    .\debug.cpp(400) : Destination "\Device\000000a4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8086&DEV_2802&SUBSYS_80860101&REV_1000#4&2ca905b1&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b} "
    .\debug.cpp(400) : Destination "\Device\000000a5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3: "
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col05#2&d6067ab&0&0004#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\000000b0 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip "
    .\debug.cpp(400) : Destination "\Device\nativewifip "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG: "
    .\debug.cpp(400) : Destination "\clfs "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col04#2&d6067ab&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000af "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a} "
    .\debug.cpp(400) : Destination "\Device\00000079 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#3#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\00000080 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MPIOControl "
    .\debug.cpp(400) : Destination "\Device\MPIOControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E5308193-5C72-4971-97F1-FE01F1BE2197} "
    .\debug.cpp(400) : Destination "\Device\NDMP4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8136&SUBSYS_30F7103C&REV_02#4&ae83a0d&0&00E3#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col02#2&d6067ab&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000ad "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMonFltProxy "
    .\debug.cpp(400) : Destination "\Device\aswMonFltProxy "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&19cb71af&0&5#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#HPQ0004#3&e89b380&0#{dd2a6682-735e-4e8e-8a59-d9dccf1ebece} "
    .\debug.cpp(400) : Destination "\Device\00000087 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr "
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH "
    .\debug.cpp(400) : Destination "\Device\NDMP7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&22f41a56&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\00000091 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT "
    .\debug.cpp(400) : Destination "\Device\MailSlot "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI "
    .\debug.cpp(400) : Destination "\Device\ASWTDI "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl "
    .\debug.cpp(400) : Destination "\Device\VolMgrControl "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&19cb71af&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\00000070 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_30F7103C&REV_03#3&e89b380&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000061 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&307e77f6&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{31A3A943-76BA-4031-AE95-D5D6E9CBA643} "
    .\debug.cpp(400) : Destination "\Device\NDMP15 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6 "
    .\debug.cpp(400) : Destination "\Device\WANARPV6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\cmdGuard "
    .\debug.cpp(400) : Destination "\Device\cmdGuard "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#1#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\0000007e "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000001 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap "
    .\debug.cpp(400) : Destination "\Device\FsWrap "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi "
    .\debug.cpp(400) : Destination "\Device\Nsi "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000086 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#2#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\0000007f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#8#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\00000085 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-7 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C8BE8EED-3152-4A06-BFA6-1433AF5DDE0D} "
    .\debug.cpp(400) : Destination "\Device\NDMP17 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000} "
    .\debug.cpp(400) : Destination "\Device\0000006c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL0133#4&1a99b422&0&UID67568640#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7} "
    .\debug.cpp(400) : Destination "\Device\0000009c "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#IrDevice&Col08#2&d6067ab&0&0007#{4d1e55b2-f16f-11cf-88cb-001111000030} "
    .\debug.cpp(400) : Destination "\Device\000000b3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000075 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3C832789-1CB7-4AC5-8482-01E61FC74FED} "
    .\debug.cpp(400) : Destination "\Device\NDMP5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3 "
    .\debug.cpp(400) : Destination "\Device\USBFDO-3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_30F7103C&REV_03#3&e89b380&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{82B2FBFD-8DCC-4547-8923-CAFDD6BF8A29} "
    .\debug.cpp(400) : Destination "\Device\NDMP16 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv "
    .\debug.cpp(400) : Destination "\Device\Secdrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f} "
    .\debug.cpp(400) : Destination "\Device\0000006f "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Inspect "
    .\debug.cpp(400) : Destination "\Device\Inspect "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-L633L________________0400____#5&20f82b3f&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_111D&DEV_76B2&SUBSYS_103C30F7&REV_1003#4&2ca905b1&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} "
    .\debug.cpp(400) : Destination "\Device\000000a3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0013#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000002 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_30F7103C&REV_03#3&e89b380&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3 "
    .\debug.cpp(400) : Destination "\Device\AgereModem5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\cmdhlp "
    .\debug.cpp(400) : Destination "\Device\cmdhlp "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice "
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&3#{4afa3d53-74a7-11d0-be5e-00a0c9062857} "
    .\debug.cpp(400) : Destination "\Device\00000078 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4 "
    .\debug.cpp(400) : Destination "\Device\Video3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8F40FDFC-51B7-4EE3-9529-431D559884BA} "
    .\debug.cpp(400) : Destination "\Device\NDMP6 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C00B#6&340a079b&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd} "
    .\debug.cpp(400) : Destination "\Device\000000b5 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv "
    .\debug.cpp(400) : Destination "\Device\SstpDrv "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#6#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\00000083 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&19cb71af&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel4 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{029B3E06-ACEB-4BD5-A6E5-F35535200B19} "
    .\debug.cpp(400) : Destination "\Device\NDMP1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4237&SUBSYS_12118086&REV_00#4&1254cb4e&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ENE0100#3&e89b380&0#{064f8c82-77b2-445e-b85d-c4e20f942fe1} "
    .\debug.cpp(400) : Destination "\Device\00000088 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6: "
    .\debug.cpp(400) : Destination "\Device\Scsi\JMCR3 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev "
    .\debug.cpp(400) : Destination "\Device\WFP "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CDDVDW_TS-L633L________________0400____#5&20f82b3f&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} "
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C32#7#{629758ee-986e-4d9e-8e47-de27f8ab054d} "
    .\debug.cpp(400) : Destination "\Device\00000084 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361} "
    .\debug.cpp(400) : Destination "\Device\00000060 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} "
    .\debug.cpp(400) : Destination "\Device\00000062 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&253c7470&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8} "
    .\debug.cpp(400) : Destination "\Device\USBPDO-2 "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS "
    .\debug.cpp(400) : Destination "\Device\Ndis "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle "
    .\debug.cpp(400) : Destination "\Device\WfpAle "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice "
    .\debug.cpp(400) : Destination "\Device\MPS "
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl "
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 2404788b716b45266811c1294c3c975c
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 298 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1129) :
    .\boot_cleaner.cpp(1151) : Done;
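The log above reports "Unknown boot code" and suggests dumping the master boot sector for manual inspection. The Python below is an added example, not part of the thread or of Bootkit Remover, and shows what to check in such a dump: the 0x55AA signature, a hash of the boot-code area, and the partition table. It assumes the dump is the raw 512-byte first sector; the function names, the SHA-256 reference set and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # bytes 0-439 hold boot code; 440-445 disk signature + reserved
TABLE_OFF = 446       # four 16-byte partition entries
MAGIC = b"\x55\xaa"   # required at bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a dumped first sector into the fields worth reviewing."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                          "byte_offset": lba * SECTOR, "sectors": count})
    return {"magic_ok": sector[510:] == MAGIC,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def mbr_status(sector: bytes, known_good: set) -> str:
    """Classify a sector against analyst-supplied hashes of clean boot code."""
    info = parse_mbr(sector)
    if not info["magic_ok"]:
        return "invalid boot signature"
    if info["boot_code_sha256"] in known_good:
        return "known boot code"
    return "unknown boot code"

def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS (0x07) partition at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6
    return body + entry + b"\x00" * 48 + MAGIC

if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0")          # constructed stand-in bytes
    altered = build_sample(b"\xfa\x33\xc0\x90")    # one extra byte of boot code
    reference = {parse_mbr(clean)["boot_code_sha256"]}
    print(mbr_status(clean, reference), "|", mbr_status(altered, reference))
    print(hex(parse_mbr(clean)["partitions"][0]["byte_offset"]))  # 0x7e00
```

The sample partition starts at LBA 63, so its byte offset is 63 × 512 = 0x7e00, the same offset the log reports for \\.\C: on \\.\PhysicalDrive0.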
     
  19. 2010/12/30
    crunchie

    Open Notepad
    Copy and paste the following text into Notepad:
    Code:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT
    Go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES
    Then in the FILE NAME box type fix.bat.
    Save fix.bat to your Desktop.

    Run fix.bat by double clicking.
    You may see a black box appear; this is normal.

    When done, run remover.exe again and post its output.
     
  20. 2010/12/30
    CALBEAR

    Got the following ERROR message when I ran fix.bat:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6
    001), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Restoring boot code at \\.\PhysicalDrive0...
    ATA_Write(): DeviceIoControl() ERROR 1
    ERROR: Can't write first sector of the disk.

    Done;
    Press any key to quit...
     
    Last edited: 2010/12/30
  21. 2010/12/30
    crunchie

    Try this then. I may have already asked you to download it, but I'll just repeat it :).

    Download MBRCheck to your desktop

    Run MBRCheck.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 3 for Windows VISTA, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot and run MBRCheck again and post that log.
     
