
jb30284

Honorary Members
  • Posts

    25
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    USA
  1. It looks like everything is back to normal. Thanks for the help.
  2. ok. So what do I need to do now, just wait?
  3. I really don't know... it happened so randomly before. On another note, how in the hell did I get this thing on my computer in the first place, and how do I keep it from getting on again?
  4. Ok this is what I got: .\debug.cpp(238) : Debug log started at 06.12.2010 - 18:23:42 .\boot_cleaner.cpp(527) : Bootkit Remover .\boot_cleaner.cpp(528) : © 2009 eSage Lab .\boot_cleaner.cpp(529) : www.esagelab.com .\boot_cleaner.cpp(533) : Program version: 1.2.0.0 .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe" .\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf7b1b000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf7a2b000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf74ec000 0x0002e000 "ACPI.sys" .\debug.cpp(256) : 0xf7b1d000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf74db000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf761b000 0x0000a000 "isapnp.sys" .\debug.cpp(256) : 0xf7be3000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf789b000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf7b1f000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf762b000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf74bc000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf7b21000 0x00002000 "dmload.sys" .\debug.cpp(256) : 0xf7496000 0x00026000 "dmio.sys" .\debug.cpp(256) : 0xf78a3000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf763b000 0x0000d000 "VolSnap.sys" .\debug.cpp(256) : 0xf747e000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf7461000 0x0001d000 "viamraid.sys" .\debug.cpp(256) : 0xf7449000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS" .\debug.cpp(256) : 0xf764b000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf765b000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf7429000 0x00020000 "fltmgr.sys" 
.\debug.cpp(256) : 0xf7417000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf766b000 0x0000a000 "PxHelp20.sys" .\debug.cpp(256) : 0xf7400000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf73ed000 0x00013000 "WudfPf.sys" .\debug.cpp(256) : 0xf7360000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xf7333000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf7319000 0x0001a000 "Mup.sys" .\debug.cpp(256) : 0xf77fb000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf62c4000 0x007af000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys" .\debug.cpp(256) : 0xf62b0000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf794b000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf628c000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf7953000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf6245000 0x00047000 "\SystemRoot\system32\DRIVERS\yk51x86.sys" .\debug.cpp(256) : 0xf5e55000 0x003f0000 "\SystemRoot\system32\drivers\ALCXWDM.SYS" .\debug.cpp(256) : 0xf5e31000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xf780b000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xf5e0e000 0x00023000 "\SystemRoot\system32\drivers\ks.sys" .\debug.cpp(256) : 0xf795b000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys" .\debug.cpp(256) : 0xf781b000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys" .\debug.cpp(256) : 0xf7adb000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0xf5dfa000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys" .\debug.cpp(256) : 0xf5d7c000 0x0007e000 "\SystemRoot\system32\drivers\SndTDriverV32.sys" .\debug.cpp(256) : 0xf7cbc000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf76ab000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf7ae3000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf5d65000 
0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf76bb000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf76cb000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf7973000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf5d54000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf76db000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf797b000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf7983000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf5a24000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys" .\debug.cpp(256) : 0xf76fb000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf798b000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf7993000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf7b4f000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf59c6000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf7aff000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf777b000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xf782b000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xf7b69000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xf7923000 0x00005000 "\SystemRoot\system32\DRIVERS\flpydisk.sys" .\debug.cpp(256) : 0xf7b73000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf7c95000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf7b75000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xf79ab000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS" .\debug.cpp(256) : 0xf79bb000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf7b77000 
0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf7b79000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xf79c3000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xf79d3000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf7b0f000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xf378a000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xf3731000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xf3709000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xf36e3000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xf779b000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xf36c1000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xf77ab000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xf79db000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys" .\debug.cpp(256) : 0xf3696000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xf3626000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xf3801000 0x00003000 "\SystemRoot\System32\Drivers\kbfilter.SYS" .\debug.cpp(256) : 0xf77eb000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xf79eb000 0x00005000 "\SystemRoot\System32\Drivers\ElbyCDIO.sys" .\debug.cpp(256) : 0xf3603000 0x00023000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0xf7b7d000 0x00002000 "\??\F:\Program Files\Avira\AntiVir Desktop\avgio.sys" .\debug.cpp(256) : 0xf79f3000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS" .\debug.cpp(256) : 0xf78b3000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys" .\debug.cpp(256) : 0xf6a7b000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys" .\debug.cpp(256) : 0xf776b000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS" .\debug.cpp(256) : 0xf78fb000 
0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys" .\debug.cpp(256) : 0xf7903000 0x00006000 "\SystemRoot\system32\DRIVERS\HPZius12.sys" .\debug.cpp(256) : 0xf7ad7000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys" .\debug.cpp(256) : 0xf792b000 0x00007000 "\SystemRoot\system32\DRIVERS\NuidFltr.sys" .\debug.cpp(256) : 0xf785b000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS" .\debug.cpp(256) : 0xf3560000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys" .\debug.cpp(256) : 0xf7b03000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys" .\debug.cpp(256) : 0xf7933000 0x00006000 "\SystemRoot\system32\DRIVERS\point32.sys" .\debug.cpp(256) : 0xf783b000 0x0000d000 "\SystemRoot\system32\DRIVERS\HPZid412.sys" .\debug.cpp(256) : 0xf37c1000 0x00004000 "\SystemRoot\system32\DRIVERS\HPZipr12.sys" .\debug.cpp(256) : 0xf3548000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0xf7b8d000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS" .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xf35eb000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xf78eb000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbd000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf7d63000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbd012000 0x005a0000 "\SystemRoot\System32\nv4_disp.dll" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xb5583000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys" .\debug.cpp(256) : 0xb53c7000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys" .\debug.cpp(256) : 0xb520e000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xb51d1000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xb52a3000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xf7b93000 0x00002000 
"\SystemRoot\System32\Drivers\ParVdm.SYS" .\debug.cpp(256) : 0xb4e98000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0xb540b000 0x00009000 "\SystemRoot\system32\DRIVERS\ipfltdrv.sys" .\debug.cpp(256) : 0xb4d3f000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xf7bc7000 0x00002000 "\SystemRoot\System32\Drivers\MCSTRM.SYS" .\debug.cpp(256) : 0xb4c4f000 0x0000a000 "\SystemRoot\system32\DRIVERS\secdrv.sys" .\debug.cpp(256) : 0xf78e3000 0x00005000 "\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS" .\debug.cpp(256) : 0xb3b69000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS" .\debug.cpp(256) : 0xb4ef9000 0x00004000 "\SystemRoot\system32\DRIVERS\asyncmac.sys" .\debug.cpp(256) : 0xb374a000 0x00018000 "\??\C:\WINDOWS\TEMP\uwqiakod.sys" .\debug.cpp(256) : 0xb1023000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys" .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2658&SUBSYS_26581458&REV_03#3&13c0b0c5&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{91724b42-62aa-11da-a544-806d6172696f}" .\debug.cpp(400) : Destination "\Device\Floppy0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination "\Device\Ndis" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice" .\debug.cpp(400) : Destination "\Device\WUDFLpcDevice" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination "\Device\Video0" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3164&SUBSYS_31641106&REV_06#4&10a6a55&0&30F0#{2accfe60-c130-11d2-b082-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000038" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_00#7&8f147&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000086" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_8604#TH62M1516104K8#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-7" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination "\Device\Video1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon" .\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000004b" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination "\Device\Ip" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination "\Device\Video2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_06a3&Pid_053c#00048494#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination 
"\Device\USBPDO-8" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination "\Device\IPSEC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination "\Device\avgio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination "\Device\Video3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4122D90F-8A29-49E0-A2AA-BD8D3289CD3B}" .\debug.cpp(400) : Destination "\Device\{4122D90F-8A29-49E0-A2AA-BD8D3289CD3B}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\KSENUM#0000000c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination "\Device\NDProxy" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement" .\debug.cpp(400) : Destination "\Device\ProcessManagement" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col01#7&13390d85&0&0000#{1e0886f0-4876-47fe-b3fd-c9851b2bcff2}" .\debug.cpp(400) : Destination "\Device\00000087" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:" .\debug.cpp(400) : Destination "\Device\Scsi\viamraid1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{70156B52-FF59-491E-84A6-D6D8CF7598AF}" .\debug.cpp(400) : Destination "\Device\{70156B52-FF59-491E-84A6-D6D8CF7598AF}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265B&SUBSYS_265A1458&REV_03#3&13c0b0c5&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1" 
.\debug.cpp(400) : Destination "\Device\ParallelVdm0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0004#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000030" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr" .\debug.cpp(400) : Destination "\Device\RdpDrDvMgr" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\0000002f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination "\Device\WMIDataDevice" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature1EE91EE8Offset7E00Length1BF26F0400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&1253a9a1&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\FloppyPDO0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_1207#4950E9#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-5" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" 
.\debug.cpp(400) : Destination "\Device\Serial0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0004#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\00000030" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2" .\debug.cpp(400) : Destination "\Device\Serial1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4FED216D-A191-4BFC-B8B7-F75DFFA21048}" .\debug.cpp(400) : Destination "\Device\{4FED216D-A191-4BFC-B8B7-F75DFFA21048}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination "\Device\NamedPipe" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0004#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000030" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0002#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\POINT32FILTER" .\debug.cpp(400) : Destination "\Device\Point32Filter" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{9f81ea60-62a9-11da-a5e5-806d6172696f}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination "\Device\Mup" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination "\Device\PSched" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col03#7&13390d85&0&0002#{1e0886f0-4876-47fe-b3fd-c9851b2bcff2}" .\debug.cpp(400) : Destination "\Device\00000089" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination "\Device\IPNAT" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination "\Device\USBFDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\uwqiakod" .\debug.cpp(400) : Destination "\Device\uwqiakod" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0004#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000030" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination "\Device\Tcp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FAAD245F-CDE8-43DA-A9BC-082FE7A760C7}" .\debug.cpp(400) : Destination 
"\Device\{FAAD245F-CDE8-43DA-A9BC-082FE7A760C7}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination "\Device\USBFDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000040" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPFILTERDRIVER" .\debug.cpp(400) : Destination "\Device\IPFILTERDRIVER" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination "\Device\VideoPdo0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&b23c43c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination "\Device\USBFDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination "\DosDevices\LPT1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265A&SUBSYS_265A1458&REV_03#3&13c0b0c5&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination "\Device\USBFDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000003a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1" .\debug.cpp(400) : Destination "\Device\Harddisk1\DR1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MCSTRM" .\debug.cpp(400) : Destination "\Device\MCSTRM" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination "\Device\sysaudio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination "\Device\FsWrap" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4" .\debug.cpp(400) : Destination "\Device\USBFDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3120827AS_____________________________3.42____#5&635e7a3&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP3T0L0-22" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0002#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\0000002e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination "\GLOBAL??" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\KBFILTER0" .\debug.cpp(400) : Destination "\Device\KBFILTER0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000004e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureCA69CA69Offset7E00Length1BF1F18200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv" .\debug.cpp(400) : Destination "\Device\Secdrv" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\00000065" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&27392e3a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&10872b3e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\00000049" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_50061458&REV_03#3&13c0b0c5&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_26591458&REV_03#3&13c0b0c5&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3120827AS_____________________________3.42____#5&18ef9848&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-17" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col04#7&13390d85&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000008a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DC92A35C-0C6A-4620-AB7F-AE9F78220228}" .\debug.cpp(400) : Destination "\Device\{DC92A35C-0C6A-4620-AB7F-AE9F78220228}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#MEDIA#0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DOT4#Vid_03f0&Pid_8604&MI_01&DOT4&PRINT_HPZ#8&7f8bdab&2&0#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}" .\debug.cpp(400) : Destination "\Device\HPZID412PRINT_HPZ1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{98F8601F-2E64-4450-B57A-DEF7C9DEFA2A}" .\debug.cpp(400) : Destination "\Device\{98F8601F-2E64-4450-B57A-DEF7C9DEFA2A}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col01#7&13390d85&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000087" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col02#7&13390d85&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000088" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&1d12e461&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination "\Device\Parallel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager" .\debug.cpp(400) : Destination 
"\Device\MountPointManager" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000036" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl" .\debug.cpp(400) : Destination "\Device\ssmctl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5CB17815-3DEE-4E44-A170-E15CDD0C9C44}" .\debug.cpp(400) : Destination "\Device\{5CB17815-3DEE-4E44-A170-E15CDD0C9C44}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32" .\debug.cpp(400) : Destination "\Device\PxHelperDevice0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig" .\debug.cpp(400) : Destination "\Device\DmControl\DmConfig" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MRESP50" .\debug.cpp(400) : Destination "\Device\MRESP50" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp" .\debug.cpp(400) : Destination "\Device\WANARP" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000003" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\0000002c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace" .\debug.cpp(400) : Destination "\Device\DmControl\DmTrace" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:" 
.\debug.cpp(400) : Destination "\Device\Floppy0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&c80c3fc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP" .\debug.cpp(400) : Destination "\Device\NdisWanIp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col03#7&13390d85&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000089" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC" .\debug.cpp(400) : Destination "\Device\ASYNCMAC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO" .\debug.cpp(400) : Destination "\Device\ElbyCDIO" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13#4&10a6a55&0&28F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\ACPI#PNP0400#4&40474c7&0#{97f76ef0-f883-11d0-af1f-0000f800845c}" .\debug.cpp(400) : Destination "\Device\00000066" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000039" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\0000002f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{65e8773e-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1" .\debug.cpp(400) : Destination "\Device\ParTechInc0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3aa33e6c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}" .\debug.cpp(400) : Destination "\Device\00000044" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col02#7&13390d85&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000088" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI" .\debug.cpp(400) : Destination "\Device\NdisTapi" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan" .\debug.cpp(400) : Destination "\Device\NdisWan" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd" .\debug.cpp(400) : Destination "\Device\AscKmd" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Scsi1:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST" .\debug.cpp(400) : Destination "\Device\IPMULTICAST" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1" .\debug.cpp(400) : Destination "\Device\Parallel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2" .\debug.cpp(400) : Destination "\Device\ParTechInc1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader" .\debug.cpp(400) : Destination "\Device\DmLoader" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow" .\debug.cpp(400) : Destination "\Device\LanmanRedirector" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_06a3&Pid_053c#6&1c4262ac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\0000008f" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_045e&Pid_00f9#5&357256dc&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-6" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(400) : Destination "\Device\00000065" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3" .\debug.cpp(400) : Destination "\Device\ParTechInc2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0402&SUBSYS_0440196E&REV_A1#4&1657b0f4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl" .\debug.cpp(400) : Destination "\Device\FtControl" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:" .\debug.cpp(400) : Destination 
"\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT" .\debug.cpp(400) : Destination "\Device\MailSlot" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_8604&MI_00#6&9715da4&2&0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}" .\debug.cpp(400) : Destination "\Device\00000083" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{dda54a40-1e4c-11d1-a050-405705c10000}" .\debug.cpp(400) : Destination "\Device\0000002d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX" .\debug.cpp(400) : Destination "\DosDevices\COM1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{778471a2-62de-11da-b46f-000fea2ce77a}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT" .\debug.cpp(400) : Destination "" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_00#7&8f147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}" .\debug.cpp(400) : Destination "\Device\00000086" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio" .\debug.cpp(400) : Destination "\Device\Ndisuio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : Destination "\Device\00000043" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:" .\debug.cpp(400) : Destination "\Device\Ide\IdePort3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL" .\debug.cpp(400) : Destination "\Device\Null" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\0000004a" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}" .\debug.cpp(400) : 
Destination "\Device\00000042" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb" .\debug.cpp(400) : Destination "\Device\avipbb" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo" .\debug.cpp(400) : Destination "\Device\DmControl\DmInfo" .\debug.cpp(409) : -- .\debug.cpp(453) : ********************************************** .\boot_cleaner.cpp(565) : System volume is \\.\C: .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd .\boot_cleaner.cpp(1060) : .\boot_cleaner.cpp(1061) : Size Device Name MBR Status .\boot_cleaner.cpp(1062) : -------------------------------------------- .\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found) .\boot_cleaner.cpp(1112) : .\boot_cleaner.cpp(1151) : Done;
  5. Ok, I don't have anything to open .rar files with.
  6. ok here it is: MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x00000025 Kernel Drivers (total 133): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E4000 \WINDOWS\system32\hal.dll 0xF7B1B000 \WINDOWS\system32\KDCOM.DLL 0xF7A2B000 \WINDOWS\system32\BOOTVID.dll 0xF74EC000 ACPI.sys 0xF7B1D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xF74DB000 pci.sys 0xF761B000 isapnp.sys 0xF7BE3000 pciide.sys 0xF789B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF7B1F000 intelide.sys 0xF762B000 MountMgr.sys 0xF74BC000 ftdisk.sys 0xF7B21000 dmload.sys 0xF7496000 dmio.sys 0xF78A3000 PartMgr.sys 0xF763B000 VolSnap.sys 0xF747E000 atapi.sys 0xF7461000 viamraid.sys 0xF7449000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS 0xF764B000 disk.sys 0xF765B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7429000 fltmgr.sys 0xF7417000 sr.sys 0xF766B000 PxHelp20.sys 0xF7400000 KSecDD.sys 0xF73ED000 WudfPf.sys 0xF7360000 Ntfs.sys 0xF7333000 NDIS.sys 0xF7319000 Mup.sys 0xF77FB000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xF62C4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF62B0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF794B000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xF628C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7953000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF6245000 \SystemRoot\system32\DRIVERS\yk51x86.sys 0xF5E55000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xF5E31000 \SystemRoot\system32\drivers\portcls.sys 0xF780B000 \SystemRoot\system32\drivers\drmk.sys 0xF5E0E000 \SystemRoot\system32\drivers\ks.sys 0xF795B000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF781B000 \SystemRoot\system32\DRIVERS\serial.sys 0xF7ADB000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF5DFA000 \SystemRoot\system32\DRIVERS\parport.sys 0xF5D7C000 \SystemRoot\system32\drivers\SndTDriverV32.sys 0xF7CBC000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF76AB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7AE3000 
\SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5D65000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF76BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF76CB000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF7973000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF5D54000 \SystemRoot\system32\DRIVERS\psched.sys 0xF76DB000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF797B000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7983000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF5A24000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xF76FB000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF798B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7993000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF7B4F000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF59C6000 \SystemRoot\system32\DRIVERS\update.sys 0xF7AFF000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF777B000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF782B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7B69000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF7923000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF7B73000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7C95000 \SystemRoot\System32\Drivers\Null.SYS 0xF7B75000 \SystemRoot\System32\Drivers\Beep.SYS 0xF79AB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xF79BB000 \SystemRoot\System32\drivers\vga.sys 0xF7B77000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7B79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF79C3000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF79D3000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7B0F000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF378A000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF3731000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF3709000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF36E3000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF779B000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF36C1000 \SystemRoot\System32\drivers\afd.sys 0xF77AB000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF79DB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xF3696000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF3626000 
\SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF3801000 \SystemRoot\System32\Drivers\kbfilter.SYS 0xF77EB000 \SystemRoot\System32\Drivers\Fips.SYS 0xF79EB000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0xF3603000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF7B7D000 \??\F:\Program Files\Avira\AntiVir Desktop\avgio.sys 0xF79F3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0xF78B3000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF6A7B000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xF776B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xF78FB000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xF7903000 \SystemRoot\system32\DRIVERS\HPZius12.sys 0xF7AD7000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xF792B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys 0xF785B000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xF3560000 \SystemRoot\system32\DRIVERS\Wdf01000.sys 0xF7B03000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xF7933000 \SystemRoot\system32\DRIVERS\point32.sys 0xF783B000 \SystemRoot\system32\DRIVERS\HPZid412.sys 0xF37C1000 \SystemRoot\system32\DRIVERS\HPZipr12.sys 0xF3548000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7B8D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF35EB000 \SystemRoot\System32\drivers\Dxapi.sys 0xF78EB000 \SystemRoot\System32\watchdog.sys 0xBD000000 \SystemRoot\System32\drivers\dxg.sys 0xF7D63000 \SystemRoot\System32\drivers\dxgthk.sys 0xBD012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB5583000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xB53C7000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB520E000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xB51D1000 \SystemRoot\system32\drivers\wdmaud.sys 0xB52A3000 \SystemRoot\system32\drivers\sysaudio.sys 0xF7B93000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB4E98000 \SystemRoot\System32\Drivers\HTTP.sys 0xB540B000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0xB4D3F000 \SystemRoot\system32\DRIVERS\srv.sys 0xF7BC7000 \SystemRoot\System32\Drivers\MCSTRM.SYS 0xB4C4F000 
\SystemRoot\system32\DRIVERS\secdrv.sys 0xF78E3000 \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 0xB3B69000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xB4EF9000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xB374A000 \??\C:\WINDOWS\TEMP\uwqiakod.sys 0xB371F000 \SystemRoot\system32\drivers\kmixer.sys 0x7C900000 \WINDOWS\system32\ntdll.dll Processes (total 41): 0 System Idle Process 4 System 480 C:\WINDOWS\system32\smss.exe 528 csrss.exe 552 C:\WINDOWS\system32\winlogon.exe 596 C:\WINDOWS\system32\services.exe 608 C:\WINDOWS\system32\lsass.exe 776 F:\Program Files\Avira\AntiVir Desktop\avguard.exe 824 F:\Program Files\Avira\AntiVir Desktop\avshadow.exe 976 C:\WINDOWS\system32\nvsvc32.exe 1000 C:\WINDOWS\system32\svchost.exe 1072 svchost.exe 1140 C:\WINDOWS\system32\svchost.exe 1184 C:\WINDOWS\system32\svchost.exe 1280 svchost.exe 1344 svchost.exe 1452 C:\WINDOWS\system32\spoolsv.exe 1496 F:\Program Files\Avira\AntiVir Desktop\sched.exe 1572 svchost.exe 2008 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 168 C:\WINDOWS\system32\svchost.exe 192 F:\Program Files\Java\jre6\bin\jqs.exe 364 F:\Program Files\Leapfrog\LeapFrog Connect\CommandService.exe 460 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 512 C:\Program Files\Common Files\Motive\McciCMService.exe 124 C:\Program Files\Common Files\Motive\McciServiceHost.exe 804 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1336 F:\Program Files\CDBurnerXP\NMSAccessU.exe 1284 C:\WINDOWS\system32\HPZipm12.exe 1488 C:\WINDOWS\system32\svchost.exe 2112 F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2284 C:\WINDOWS\system32\rundll32.exe 2772 wmpnetwk.exe 3316 alg.exe 324 C:\WINDOWS\system32\dllhost.exe 6236 msdtc.exe 19740 C:\WINDOWS\explorer.exe 18472 F:\Program Files\Avira\AntiVir Desktop\avgnt.exe 19468 C:\WINDOWS\system32\ctfmon.exe 19444 F:\Program Files\Glary Utilities\memdefrag.exe 18520 C:\Documents and Settings\Joshua Barrett\desktop\MBRCheck.exe \\.\C: --> 
\\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: ST3120827AS, Rev: 3.42 PhysicalDrive1 Model Number: ST3120827AS, Rev: 3.42 Size Device Name MBR Status -------------------------------------------- 111 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A 111 GB \\.\PhysicalDrive1 Unknown MBR code SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  7. ok here are the results: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-05 13:34:14 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3120827AS rev.3.42 Running: f9yywtxh.exe; Driver: C:\WINDOWS\TEMP\uwqiakod.sys ---- System - GMER 1.0.15 ---- SSDT F7CA0126 ZwCreateKey SSDT F7CA011C ZwCreateThread SSDT F7CA012B ZwDeleteKey SSDT F7CA0135 ZwDeleteValueKey SSDT F7CA013A ZwLoadKey SSDT F7CA0108 ZwOpenProcess SSDT F7CA010D ZwOpenThread SSDT F7CA0144 ZwReplaceKey SSDT F7CA013F ZwRestoreKey SSDT F7CA0130 ZwSetValueKey ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF62C4360, 0x3CEED5, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] 
USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 
3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft 
Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- 
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:152] 868752A0 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ... ---- EOF - GMER 1.0.15 ----
  8. The computer is still acting like there is something wrong. The other day the screen scrambled and the computer locked up. I had to do a hard boot to get it working again.
  9. Just one problem... for some reason, I can't run this file.
  10. ok here you go: ComboFix 10-11-26.07 - Joshua Barrett 11/27/2010 9:14.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.555 [GMT -5:00] Running from: c:\documents and settings\Joshua Barrett\Desktop\Combo-Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . F:\install.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_USNJSVC -------\Service_usnjsvc ((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 ))))))))))))))))))))))))))))))) . 2010-11-19 02:49 . 2010-11-19 02:49 -------- d-----w- c:\program files\ESET 2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom 2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\Joshua Barrett\Local Settings\Application Data\TomTom 2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\Joshua Barrett\Application Data\TomTom 2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\program files\TomTom International B.V 2010-11-16 17:14 . 2010-11-16 17:14 -------- d-----w- c:\program files\TomTom DesktopSuite 2010-11-14 01:17 . 2010-11-20 02:35 -------- d-----w- c:\documents and settings\Mindi.BASTARD-891BFE7 2010-11-14 01:17 . 2010-11-14 01:17 -------- d-----w- c:\documents and settings\TEMP 2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\program files\Common Files\4Team 2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\documents and settings\Joshua Barrett\Application Data\4Team 2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\4Team . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-22 16:23 . 2010-04-01 11:55 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 11:21 . 
2010-04-01 11:55 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 19:00 . 2005-12-07 20:33 286720 ------w- c:\windows\Setup1.exe 2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] backup=c:\windows\pss\Kodak software updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Joshua Barrett^Start Menu^Programs^Startup^Walgreens PictureMover.lnk] backup=c:\windows\pss\Walgreens PictureMover.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 13:58 40368 ----a-w- f:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2008-11-07 19:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2009-07-10 17:59 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asus USB Switch] 2005-10-27 19:34 20480 ----a-w- c:\windows\system32\AsusUSBSwitch\AsUsbSw.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 
----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell] 2009-02-03 15:46 323216 ----a-w- c:\program files\Napster\napster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-05-01 04:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "nwiz"=nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "f:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4100:UDP"= 4100:UDP:uPNP Router Control Port R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1/20/2008 9:03 AM 11886] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [4/1/2010 
6:55 AM 135336] R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [6/24/2010 12:41 PM 315392] R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008] R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?] S2 ServiceName;ServiceDiscript;"" --> [?] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 8:25 PM 18560] S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [11/11/2008 12:11 PM 27904] S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [9/22/2009 6:07 PM 52888] . Contents of the 'Scheduled Tasks' folder 2010-11-27 c:\windows\Tasks\Disk Cleanup.job - c:\windows\system32\cleanmgr.exe [2004-08-04 00:12] 2010-11-27 c:\windows\Tasks\GlaryInitialize.job - f:\program files\Glary Utilities\initialize.exe [2009-12-09 01:55] 2010-09-07 c:\windows\Tasks\photostageShakeIcon.job - c:\program files\NCH Software\PhotoStage\photostage.exe [2010-04-09 02:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.com/ mWindow Title = Trusted Zone: att.com\ufix Trusted Zone: flightsim.com\www Trusted Zone: msn.com\www Trusted Zone: simroutes.com . - - - - ORPHANS REMOVED - - - - Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-PhilipsLime - c:\program files\Philips\Philips Lime Service\bin\LimeAlive.exe AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-27 11:13 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceName] "ImagePath"="\"\"" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(896) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
f:\program files\Avira\AntiVir Desktop\avguard.exe f:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe f:\program files\Java\jre6\bin\jqs.exe f:\program files\Leapfrog\LeapFrog Connect\CommandService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE f:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Windows Media Player\WMPNetwk.exe . ************************************************************************** . Completion time: 2010-11-27 11:17:28 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-27 16:17 ComboFix2.txt 2010-04-06 01:12 Pre-Run: 23,843,954,688 bytes free Post-Run: 23,811,194,880 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - E2A6CC06A4A8742F1AEE9B1293F66632
  11. It is still doing some really funky stuff. When I log off, it will sometimes freeze. Sometimes I will click IE and it will come up and then shut down. Just really funky.
  12. ok here is the scan ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process. OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process. OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=26fbd81761b38544ac15e30e7a03275e # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-11-19 09:41:17 # local_time=2010-11-19 04:41:17 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 66281575 66281575 0 0 # compatibility_mode=1797 16775165 100 93 0 48305279 0 0 # compatibility_mode=4864 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=136434 # found=0 # cleaned=0 # scan_time=7893
  13. Ok here it is. Avira AntiVir Personal Report file date: Wednesday, November 17, 2010 03:00 Scanning for 3056103 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : BASTARD-891BFE7 Version information: BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/2/2010 11:21:32 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 08:22:25 LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 08:21:59 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:26:56 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:42:27 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 20:41:39 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 12:17:30 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 12:17:30 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 12:17:30 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 12:17:30 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 11:22:14 VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:48:20 VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 10:08:16 VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:16:15 VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 13:36:45 VBASE018.VDF : 7.10.13.244 2048 Bytes 11/15/2010 13:36:45 VBASE019.VDF : 7.10.13.245 2048 Bytes 11/15/2010 13:36:45 VBASE020.VDF : 7.10.13.246 2048 Bytes 11/15/2010 13:36:45 VBASE021.VDF 
: 7.10.13.247 2048 Bytes 11/15/2010 13:36:45 VBASE022.VDF : 7.10.13.248 2048 Bytes 11/15/2010 13:36:45 VBASE023.VDF : 7.10.13.249 2048 Bytes 11/15/2010 13:36:46 VBASE024.VDF : 7.10.13.250 2048 Bytes 11/15/2010 13:36:46 VBASE025.VDF : 7.10.13.251 2048 Bytes 11/15/2010 13:36:46 VBASE026.VDF : 7.10.13.252 2048 Bytes 11/15/2010 13:36:46 VBASE027.VDF : 7.10.13.253 2048 Bytes 11/15/2010 13:36:46 VBASE028.VDF : 7.10.13.254 2048 Bytes 11/15/2010 13:36:46 VBASE029.VDF : 7.10.13.255 2048 Bytes 11/15/2010 13:36:47 VBASE030.VDF : 7.10.14.0 2048 Bytes 11/15/2010 13:36:47 VBASE031.VDF : 7.10.14.10 91136 Bytes 11/16/2010 13:36:47 Engineversion : 8.2.4.98 AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 00:40:30 AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/3/2010 12:18:42 AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 12:16:37 AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 08:23:39 AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 03:22:15 AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 20:04:32 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/22/2010 15:43:36 AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/12/2010 14:16:33 AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 20:04:28 AEGEN.DLL : 8.1.3.24 401781 Bytes 11/3/2010 12:17:44 AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 08:23:37 AECORE.DLL : 8.1.17.0 196982 Bytes 9/25/2010 22:25:47 AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 08:23:36 AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38 AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35 AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40 AVREG.DLL : 10.0.3.2 53096 Bytes 11/2/2010 11:21:32 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/2/2010 11:21:32 AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 08:22:25 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30 SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58 AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56 NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/2/2010 11:21:32 
Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: f:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: quarantine Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, F:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Wednesday, November 17, 2010 03:00 Starting search for hidden objects. HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Preferences\backgroundscancompletedate [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel [NOTE] The registry entry is invisible. 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48 [NOTE] The registry entry is invisible. 
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. 
The scan of running processes will be started Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '61' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '62' Module(s) have been scanned Scan process 'TomTomHOMEService.exe' - '9' Module(s) have been scanned Scan process 'TomTomHOMERunner.exe' - '27' Module(s) have been scanned Scan process 'alg.exe' - '33' Module(s) have been scanned Scan process 'WMPNSCFG.exe' - '28' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'avgnt.exe' - '53' Module(s) have been scanned Scan process 'WMPNetwk.exe' - '67' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '32' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'HPZipm12.exe' - '18' Module(s) have been scanned Scan process 'NMSAccessU.exe' - '14' Module(s) have been scanned Scan process 'MDM.EXE' - '21' Module(s) have been scanned Scan process 'McciServiceHost.exe' - '78' Module(s) have been scanned Scan process 'McciCMService.exe' - '27' Module(s) have been scanned Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned Scan process 'CommandService.exe' - '17' Module(s) have been scanned Scan process 'jqs.exe' - '33' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned Scan process 'ACService.exe' - '20' Module(s) have been scanned Scan process 'Explorer.EXE' - '111' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '45' Module(s) have been scanned Scan process 'spoolsv.exe' - '61' Module(s) have been scanned Scan process 'svchost.exe' - '47' Module(s) have been scanned Scan process 'svchost.exe' - '32' Module(s) have been 
scanned Scan process 'svchost.exe' - '30' Module(s) have been scanned Scan process 'svchost.exe' - '159' Module(s) have been scanned Scan process 'svchost.exe' - '40' Module(s) have been scanned Scan process 'svchost.exe' - '52' Module(s) have been scanned Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned Scan process 'avshadow.exe' - '26' Module(s) have been scanned Scan process 'avguard.exe' - '55' Module(s) have been scanned Scan process 'lsass.exe' - '58' Module(s) have been scanned Scan process 'services.exe' - '27' Module(s) have been scanned Scan process 'winlogon.exe' - '79' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'F:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '1679' files ). Starting the file scan: Begin scan in 'C:\' Begin scan in 'F:\' <Second Drive> End of the scan: Wednesday, November 17, 2010 04:09 Used time: 1:09:21 Hour(s) The scan has been done completely. 13673 Scanned directories 537082 Files were scanned 0 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 537082 Files not concerned 4778 Archives were scanned 0 Warnings 0 Notes 681827 Objects were scanned with rootkit scan 26 Hidden objects were found