
Something funky going on


jb30284

My computer is just not acting quite right and I think I may have gotten a virus or something. Can someone take a look for me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:38:20 AM, on 11/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

F:\Program Files\Avira\AntiVir Desktop\avguard.exe

F:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\Java\jre6\bin\jqs.exe

F:\Program Files\Leapfrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\Explorer.EXE

F:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Internet Explorer\iexplore.exe

F:\Program Files\OFFICE11\OUTLOOK.EXE

F:\Program Files\OFFICE11\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188748302000

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - F:\Program Files\Leapfrog\LeapFrog Connect\CommandService.exe

O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe

O23 - Service: NMSAccess - Unknown owner - F:\Program Files\CDBurnerXP\NMSAccessU.exe

--

End of file - 4226 bytes


Hello jb30284! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please also post a new, fresh HijackThis log file.


Alright, here is a new log file for you.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5098

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/12/2010 7:32:07 AM

mbam-log-2010-11-12 (07-32-07).txt

Scan type: Quick scan

Objects scanned: 175493

Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Perform a full scan with Avira and let it delete everything it finds.

Then reboot.

After reboot, open your Avira and select "reports".

There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.


Here it is

Avira AntiVir Personal

Report file date: Tuesday, November 16, 2010 03:00

Scanning for 3046032 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : BASTARD-891BFE7

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/2/2010 11:21:32

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 08:22:25

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 08:21:59

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:26:56

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:42:27

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 20:41:39

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 12:17:30

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 12:17:30

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 12:17:30

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 12:17:30

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 11:22:14

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:48:20

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 10:08:16

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:16:15

VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 14:16:15

VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 14:16:15

VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 14:16:15

VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 14:16:15

VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 14:16:16

VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 14:16:16

VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 14:16:16

VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 14:16:16

VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 14:16:17

VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 14:16:17

VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 14:16:17

VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 14:16:17

VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 14:16:17

VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 14:16:17

VBASE031.VDF : 7.10.13.238 100352 Bytes 11/14/2010 01:19:52

Engineversion : 8.2.4.98

AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 00:40:30

AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/3/2010 12:18:42

AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 12:16:37

AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 08:23:39

AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 03:22:15

AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 20:04:32

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/22/2010 15:43:36

AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/12/2010 14:16:33

AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 20:04:28

AEGEN.DLL : 8.1.3.24 401781 Bytes 11/3/2010 12:17:44

AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 08:23:37

AECORE.DLL : 8.1.17.0 196982 Bytes 9/25/2010 22:25:47

AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 08:23:36

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40

AVREG.DLL : 10.0.3.2 53096 Bytes 11/2/2010 11:21:32

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/2/2010 11:21:32

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 08:22:25

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/2/2010 11:21:32

Configuration settings for the scan:

Jobname.............................: Local Hard Disks

Configuration file..................: F:\Program Files\Avira\AntiVir Desktop\alldiscs.avp

Logging.............................: low

Primary action......................: quarantine

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, F:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Tuesday, November 16, 2010 03:00

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'vssvc.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'logon.scr' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '1' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned

Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'McciServiceHost.exe' - '1' Module(s) have been scanned

Scan process 'McciCMService.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'CommandService.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'ACService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'avshadow.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1676' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'F:\' <Second Drive>

End of the scan: Tuesday, November 16, 2010 05:03

Used time: 2:02:57 Hour(s)

The scan has been done completely.

22699 Scanned directories

796244 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

796244 Files not concerned

5653 Archives were scanned

0 Warnings

0 Notes

62747 Objects were scanned with rootkit scan

0 Hidden objects were found


Ok here it is.

Avira AntiVir Personal

Report file date: Wednesday, November 17, 2010 03:00

Scanning for 3056103 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : BASTARD-891BFE7

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/2/2010 11:21:32

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 08:22:25

LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 08:21:59

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 00:26:56

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 00:42:27

VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 20:41:39

VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 12:17:30

VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 12:17:30

VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 12:17:30

VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 12:17:30

VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 11:22:14

VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 01:48:20

VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 10:08:16

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 14:16:15

VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 13:36:45

VBASE018.VDF : 7.10.13.244 2048 Bytes 11/15/2010 13:36:45

VBASE019.VDF : 7.10.13.245 2048 Bytes 11/15/2010 13:36:45

VBASE020.VDF : 7.10.13.246 2048 Bytes 11/15/2010 13:36:45

VBASE021.VDF : 7.10.13.247 2048 Bytes 11/15/2010 13:36:45

VBASE022.VDF : 7.10.13.248 2048 Bytes 11/15/2010 13:36:45

VBASE023.VDF : 7.10.13.249 2048 Bytes 11/15/2010 13:36:46

VBASE024.VDF : 7.10.13.250 2048 Bytes 11/15/2010 13:36:46

VBASE025.VDF : 7.10.13.251 2048 Bytes 11/15/2010 13:36:46

VBASE026.VDF : 7.10.13.252 2048 Bytes 11/15/2010 13:36:46

VBASE027.VDF : 7.10.13.253 2048 Bytes 11/15/2010 13:36:46

VBASE028.VDF : 7.10.13.254 2048 Bytes 11/15/2010 13:36:46

VBASE029.VDF : 7.10.13.255 2048 Bytes 11/15/2010 13:36:47

VBASE030.VDF : 7.10.14.0 2048 Bytes 11/15/2010 13:36:47

VBASE031.VDF : 7.10.14.10 91136 Bytes 11/16/2010 13:36:47

Engineversion : 8.2.4.98

AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 00:40:30

AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/3/2010 12:18:42

AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 12:16:37

AESBX.DLL : 8.1.3.1 254324 Bytes 4/24/2010 08:23:39

AERDL.DLL : 8.1.9.2 635252 Bytes 9/22/2010 03:22:15

AEPACK.DLL : 8.2.3.11 471416 Bytes 10/11/2010 20:04:32

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/22/2010 15:43:36

AEHEUR.DLL : 8.1.2.41 3043703 Bytes 11/12/2010 14:16:33

AEHELP.DLL : 8.1.14.0 246134 Bytes 10/11/2010 20:04:28

AEGEN.DLL : 8.1.3.24 401781 Bytes 11/3/2010 12:17:44

AEEMU.DLL : 8.1.2.0 393588 Bytes 4/24/2010 08:23:37

AECORE.DLL : 8.1.17.0 196982 Bytes 9/25/2010 22:25:47

AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 08:23:36

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40

AVREG.DLL : 10.0.3.2 53096 Bytes 11/2/2010 11:21:32

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/2/2010 11:21:32

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 08:22:25

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/2/2010 11:21:32

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: f:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: quarantine

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, F:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Wednesday, November 17, 2010 03:00

Starting search for hidden objects.

HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Preferences\backgroundscancompletedate

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'msdtc.exe' - '40' Module(s) have been scanned

Scan process 'dllhost.exe' - '61' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '48' Module(s) have been scanned

Scan process 'avscan.exe' - '62' Module(s) have been scanned

Scan process 'TomTomHOMEService.exe' - '9' Module(s) have been scanned

Scan process 'TomTomHOMERunner.exe' - '27' Module(s) have been scanned

Scan process 'alg.exe' - '33' Module(s) have been scanned

Scan process 'WMPNSCFG.exe' - '28' Module(s) have been scanned

Scan process 'ctfmon.exe' - '25' Module(s) have been scanned

Scan process 'avgnt.exe' - '53' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '67' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'HPZipm12.exe' - '18' Module(s) have been scanned

Scan process 'NMSAccessU.exe' - '14' Module(s) have been scanned

Scan process 'MDM.EXE' - '21' Module(s) have been scanned

Scan process 'McciServiceHost.exe' - '78' Module(s) have been scanned

Scan process 'McciCMService.exe' - '27' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned

Scan process 'CommandService.exe' - '17' Module(s) have been scanned

Scan process 'jqs.exe' - '33' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned

Scan process 'ACService.exe' - '20' Module(s) have been scanned

Scan process 'Explorer.EXE' - '111' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'sched.exe' - '45' Module(s) have been scanned

Scan process 'spoolsv.exe' - '61' Module(s) have been scanned

Scan process 'svchost.exe' - '47' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '30' Module(s) have been scanned

Scan process 'svchost.exe' - '159' Module(s) have been scanned

Scan process 'svchost.exe' - '40' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned

Scan process 'avshadow.exe' - '26' Module(s) have been scanned

Scan process 'avguard.exe' - '55' Module(s) have been scanned

Scan process 'lsass.exe' - '58' Module(s) have been scanned

Scan process 'services.exe' - '27' Module(s) have been scanned

Scan process 'winlogon.exe' - '79' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'F:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1679' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'F:\' <Second Drive>

End of the scan: Wednesday, November 17, 2010 04:09

Used time: 1:09:21 Hour(s)

The scan has been done completely.

13673 Scanned directories

537082 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

537082 Files not concerned

4778 Archives were scanned

0 Warnings

0 Notes

681827 Objects were scanned with rootkit scan

26 Hidden objects were found


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here, then click on the button shown in the image (EOLS1.gif).
  • Select the option YES, I accept the Terms of Use, then click on the button shown in the image (EOLS2.gif).
  • When prompted, allow the Add-On/ActiveX to install.
  • Now click on Advanced Settings and select the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on the button shown in the image (EOLS3.gif).
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on the button shown in the image (EOLS4.gif).
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


ok here is the scan

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - delete file error:The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=26fbd81761b38544ac15e30e7a03275e

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-19 09:41:17

# local_time=2010-11-19 04:41:17 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 66281575 66281575 0 0

# compatibility_mode=1797 16775165 100 93 0 48305279 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=136434

# found=0

# cleaned=0

# scan_time=7893


**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.
  2. During the download, rename Combofix to Combo-Fix as follows:

     [image: CF_download_FF.gif]

     [image: CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


ok here you go:

ComboFix 10-11-26.07 - Joshua Barrett 11/27/2010 9:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.555 [GMT -5:00]

Running from: c:\documents and settings\Joshua Barrett\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

F:\install.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))

.

2010-11-19 02:49 . 2010-11-19 02:49 -------- d-----w- c:\program files\ESET

2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom

2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\Joshua Barrett\Local Settings\Application Data\TomTom

2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\documents and settings\Joshua Barrett\Application Data\TomTom

2010-11-16 17:15 . 2010-11-16 17:15 -------- d-----w- c:\program files\TomTom International B.V

2010-11-16 17:14 . 2010-11-16 17:14 -------- d-----w- c:\program files\TomTom DesktopSuite

2010-11-14 01:17 . 2010-11-20 02:35 -------- d-----w- c:\documents and settings\Mindi.BASTARD-891BFE7

2010-11-14 01:17 . 2010-11-14 01:17 -------- d-----w- c:\documents and settings\TEMP

2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\program files\Common Files\4Team

2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\documents and settings\Joshua Barrett\Application Data\4Team

2010-11-01 12:27 . 2010-11-01 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\4Team

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-22 16:23 . 2010-04-01 11:55 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-11-02 11:21 . 2010-04-01 11:55 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ------w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-01 19:00 . 2005-12-07 20:33 286720 ------w- c:\windows\Setup1.exe

2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]

backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Joshua Barrett^Start Menu^Programs^Startup^Walgreens PictureMover.lnk]

backup=c:\windows\pss\Walgreens PictureMover.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 13:58 40368 ----a-w- f:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-11-07 19:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2009-07-10 17:59 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asus USB Switch]

2005-10-27 19:34 20480 ----a-w- c:\windows\system32\AsusUSBSwitch\AsUsbSw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]

2009-02-03 15:46 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-05-01 04:30 13750272 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2009-05-01 04:31 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 19:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"f:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"f:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4100:UDP"= 4100:UDP:uPNP Router Control Port

R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [1/20/2008 9:03 AM 11886]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [4/1/2010 6:55 AM 135336]

R2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [6/24/2010 12:41 PM 315392]

R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

S2 ServiceName;ServiceDiscript;"" --> [?]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 8:25 PM 18560]

S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [11/11/2008 12:11 PM 27904]

S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [9/22/2009 6:07 PM 52888]

.

Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]

2010-11-27 c:\windows\Tasks\GlaryInitialize.job

- f:\program files\Glary Utilities\initialize.exe [2009-12-09 01:55]

2010-09-07 c:\windows\Tasks\photostageShakeIcon.job

- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-04-09 02:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

mWindow Title =

Trusted Zone: att.com\ufix

Trusted Zone: flightsim.com\www

Trusted Zone: msn.com\www

Trusted Zone: simroutes.com

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-PhilipsLime - c:\program files\Philips\Philips Lime Service\bin\LimeAlive.exe

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-27 11:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceName]

"ImagePath"="\"\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(896)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

f:\program files\Avira\AntiVir Desktop\avguard.exe

f:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

f:\program files\Java\jre6\bin\jqs.exe

f:\program files\Leapfrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

f:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

.

**************************************************************************

.

Completion time: 2010-11-27 11:17:28 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-27 16:17

ComboFix2.txt 2010-04-06 01:12

Pre-Run: 23,843,954,688 bytes free

Post-Run: 23,811,194,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E2A6CC06A4A8742F1AEE9B1293F66632


Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


ok here are the results:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-12-05 13:34:14

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3120827AS rev.3.42

Running: f9yywtxh.exe; Driver: C:\WINDOWS\TEMP\uwqiakod.sys

---- System - GMER 1.0.15 ----

SSDT F7CA0126 ZwCreateKey

SSDT F7CA011C ZwCreateThread

SSDT F7CA012B ZwDeleteKey

SSDT F7CA0135 ZwDeleteValueKey

SSDT F7CA013A ZwLoadKey

SSDT F7CA0108 ZwOpenProcess

SSDT F7CA010D ZwOpenThread

SSDT F7CA0144 ZwReplaceKey

SSDT F7CA013F ZwRestoreKey

SSDT F7CA0130 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF62C4360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[12344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13480] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[13872] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:152] 868752A0

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----


  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file called MBRCheck_ will appear on your desktop
  • Please copy it into your next reply


ok here it is:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x00000025

Kernel Drivers (total 133):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0xF7B1B000 \WINDOWS\system32\KDCOM.DLL

0xF7A2B000 \WINDOWS\system32\BOOTVID.dll

0xF74EC000 ACPI.sys

0xF7B1D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74DB000 pci.sys

0xF761B000 isapnp.sys

0xF7BE3000 pciide.sys

0xF789B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7B1F000 intelide.sys

0xF762B000 MountMgr.sys

0xF74BC000 ftdisk.sys


Processes (total 41):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3120827AS, Rev: 3.42

PhysicalDrive1 Model Number: ST3120827AS, Rev: 3.42

Size Device Name MBR Status

--------------------------------------------

111 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

111 GB \\.\PhysicalDrive1 Unknown MBR code

SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


  1. Download Bootkit remover to your Desktop.
  2. Extract Remover to your desktop.
  3. Open Notepad. Copy and paste the following text into it:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive1
    EXIT


  4. Save it as Fix.bat on the desktop. Make sure the Save as type: is All Files (*.*).
  5. Double-click on Fix.bat to run it. Allow if prompted by any security software.
  6. Finally, please post your log file in your next reply.


Ok this is what I got:

.\debug.cpp(238) : Debug log started at 06.12.2010 - 18:23:42

.\boot_cleaner.cpp(527) : Bootkit Remover

.\boot_cleaner.cpp(528) : © 2009 eSage Lab

.\boot_cleaner.cpp(529) : www.esagelab.com

.\boot_cleaner.cpp(533) : Program version: 1.2.0.0

.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

.\debug.cpp(248) : **********************************************

.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********

.\debug.cpp(250) : **********************************************


.\debug.cpp(263) : **********************************************

.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********

.\debug.cpp(308) : **********************************************


.\debug.cpp(400) : Destination "\Device\00000065"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&27392e3a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&10872b3e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\00000049"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_265C&SUBSYS_50061458&REV_03#3&13c0b0c5&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2659&SUBSYS_26591458&REV_03#3&13c0b0c5&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3120827AS_____________________________3.42____#5&18ef9848&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP2T0L0-17"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col04#7&13390d85&0&0003#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\0000008a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DC92A35C-0C6A-4620-AB7F-AE9F78220228}"

.\debug.cpp(400) : Destination "\Device\{DC92A35C-0C6A-4620-AB7F-AE9F78220228}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0002#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002e"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DOT4#Vid_03f0&Pid_8604&MI_01&DOT4&PRINT_HPZ#8&7f8bdab&2&0#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination "\Device\HPZID412PRINT_HPZ1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination "\Device\00000064"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{98F8601F-2E64-4450-B57A-DEF7C9DEFA2A}"

.\debug.cpp(400) : Destination "\Device\{98F8601F-2E64-4450-B57A-DEF7C9DEFA2A}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col01#7&13390d85&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000087"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col02#7&13390d85&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000088"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&1d12e461&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"

.\debug.cpp(400) : Destination "\Device\Parallel0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"

.\debug.cpp(400) : Destination "\Device\MountPointManager"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000036"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"

.\debug.cpp(400) : Destination "\Device\ssmctl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5CB17815-3DEE-4E44-A170-E15CDD0C9C44}"

.\debug.cpp(400) : Destination "\Device\{5CB17815-3DEE-4E44-A170-E15CDD0C9C44}"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"

.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"

.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MRESP50"

.\debug.cpp(400) : Destination "\Device\MRESP50"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"

.\debug.cpp(400) : Destination "\Device\WANARP"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000003"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0000#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination "\Device\0000002c"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"

.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"

.\debug.cpp(400) : Destination "\Device\Floppy0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&c80c3fc&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"

.\debug.cpp(400) : Destination "\Device\NdisWanIp"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

.\debug.cpp(400) : Destination "\Device\00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col03#7&13390d85&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000089"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"

.\debug.cpp(400) : Destination "\Device\ASYNCMAC"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"

.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"

.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ElbyCDIO"

.\debug.cpp(400) : Destination "\Device\ElbyCDIO"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11AB&DEV_4320&SUBSYS_E0001458&REV_13#4&10a6a55&0&28F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&40474c7&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"

.\debug.cpp(400) : Destination "\Device\00000066"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"

.\debug.cpp(400) : Destination "\Device\00000039"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0003#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\0000002f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_266E&SUBSYS_AE011458&REV_03#3&13c0b0c5&0&F2#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"

.\debug.cpp(400) : Destination "\Device\ParTechInc0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3aa33e6c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"

.\debug.cpp(400) : Destination "\Device\USBPDO-0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"

.\debug.cpp(400) : Destination "\Device\00000044"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_01&Col02#7&13390d85&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000088"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"

.\debug.cpp(400) : Destination "\Device\NdisTapi"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"

.\debug.cpp(400) : Destination "\Device\NdisWan"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"

.\debug.cpp(400) : Destination "\Device\AscKmd"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"

.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"

.\debug.cpp(400) : Destination "\Device\IPMULTICAST"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"

.\debug.cpp(400) : Destination "\Device\Parallel0"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"

.\debug.cpp(400) : Destination "\Device\ParTechInc1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"

.\debug.cpp(400) : Destination "\Device\DmLoader"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"

.\debug.cpp(400) : Destination "\Device\LanmanRedirector"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_06a3&Pid_053c#6&1c4262ac&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\0000008f"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_045e&Pid_00f9#5&357256dc&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

.\debug.cpp(400) : Destination "\Device\USBPDO-6"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"

.\debug.cpp(400) : Destination "\Device\00000065"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"

.\debug.cpp(400) : Destination "\Device\ParTechInc2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"

.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0402&SUBSYS_0440196E&REV_A1#4&1657b0f4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"

.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"

.\debug.cpp(400) : Destination "\Device\FtControl"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"

.\debug.cpp(400) : Destination "\Device\MailSlot"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_03f0&Pid_8604&MI_00#6&9715da4&2&0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"

.\debug.cpp(400) : Destination "\Device\00000083"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{dda54a40-1e4c-11d1-a050-405705c10000}"

.\debug.cpp(400) : Destination "\Device\0000002d"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"

.\debug.cpp(400) : Destination "\DosDevices\COM1"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{778471a2-62de-11da-b46f-000fea2ce77a}"

.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"

.\debug.cpp(400) : Destination ""

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_00f9&MI_00#7&8f147&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"

.\debug.cpp(400) : Destination "\Device\00000086"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"

.\debug.cpp(400) : Destination "\Device\Ndisuio"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000043"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"

.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"

.\debug.cpp(400) : Destination "\Device\Null"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_4#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"

.\debug.cpp(400) : Destination "\Device\0000004a"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"

.\debug.cpp(400) : Destination "\Device\00000042"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"

.\debug.cpp(400) : Destination "\Device\avipbb"

.\debug.cpp(409) : --

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"

.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"

.\debug.cpp(409) : --

.\debug.cpp(453) : **********************************************

.\boot_cleaner.cpp(565) : System volume is \\.\C:

.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

.\boot_cleaner.cpp(1060) :

.\boot_cleaner.cpp(1061) : Size Device Name MBR Status

.\boot_cleaner.cpp(1062) : --------------------------------------------

.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

.\boot_cleaner.cpp(1112) :

.\boot_cleaner.cpp(1151) : Done;
