Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDL3 Removal Help


  • This topic is locked This topic is locked
21 replies to this topic

#1 abc123456789

abc123456789

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 10 August 2010 - 09:54 PM

Hi, to make a long story short, i recently used hitman 3.5 to scan for malware, because i have been getting redirects from google links. After scanning, it showed that a "Possible variant of a TDL3 (alias Alureon) rootkit detected. After much searching, i found out that combofix is the program to use to fix this. Combofix informed me to go to this forum for a guide, which directed me to post in a forum, which directed me to this forum. Here are the combofix logs:

ComboFix 10-08-10.03 - Administrator 08/10/2010 17:06:03.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2814.1918 [GMT -7:00]
Running from: c:usersAdministratorDesktopComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 00:12 . 2010-08-11 00:14 -------- d-----w- c:usersAdministratorAppDataLocaltemp
2010-08-11 00:12 . 2010-08-11 00:12 -------- d-----w- c:usersDefaultAppDataLocaltemp
2010-08-10 23:48 . 2010-08-10 23:48 -------- d-----w- C:32788R22FWJFW
2010-08-10 23:00 . 2010-08-10 23:21 16968 ----a-w- c:windowssystem32driverbleepmanpro35.sys
2010-08-10 22:59 . 2010-08-10 22:59 -------- d-----w- c:programdataHitman Pro
2010-08-10 22:59 . 2010-08-10 22:59 -------- d-----w- c:program filebleepman Pro 3.5
2010-08-10 22:50 . 2010-08-10 22:50 -------- d-----w- c:program filesTrend Micro
2010-08-05 06:22 . 2010-08-05 06:59 -------- d-----w- c:programdataBlizzard Entertainment
2010-08-05 06:22 . 2010-08-06 03:22 -------- d-----w- c:program filesStarCraft II
2010-08-05 06:22 . 2010-08-05 06:52 -------- d-----w- c:program filesCommon FilesBlizzard Entertainment
2010-08-01 21:02 . 2010-08-01 21:02 -------- d-----w- c:usersAdministratorAppDataLocalCrashRpt
2010-08-01 21:02 . 2010-08-01 21:03 -------- d-----w- c:usersAdministratorAppDataLocalProcaster
2010-07-31 20:07 . 2010-07-31 20:07 -------- d-----w- c:usersAdministratorAppDataRoamingchc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-31 19:16 . 2010-07-31 19:16 -------- d-----w- c:programdataALM
2010-07-31 19:10 . 2010-07-31 19:10 -------- d-----w- c:usersAdministratorAdobe Flash Builder 4
2010-07-31 01:47 . 2010-07-31 01:47 -------- d-----w- c:program filesCommon FilesJava
2010-07-31 01:47 . 2010-07-17 12:00 423656 ----a-w- c:windowssystem32deployJava1.dll
2010-07-29 10:19 . 2010-07-29 10:34 -------- d-----w- c:program filesWise Registry Cleaner
2010-07-28 22:22 . 2010-07-28 22:22 -------- d-----w- c:program filesvLite
2010-07-27 19:54 . 2010-07-27 19:56 -------- d-----w- c:program filesSpybot - Search & Destroy
2010-07-27 19:48 . 2010-07-27 20:48 -------- d-----w- c:programdataregid.1986-12.com.adobe
2010-07-27 19:23 . 2010-07-27 19:23 -------- d-----w- c:usersAdministratorAppDataRoamingMalwarebytes
2010-07-27 19:23 . 2010-04-29 22:39 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-07-27 19:23 . 2010-07-27 19:23 -------- d-----w- c:programdataMalwarebytes
2010-07-27 19:23 . 2010-04-29 22:39 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-07-27 19:23 . 2010-07-27 19:23 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-07-27 18:35 . 2010-07-31 18:56 -------- d-----w- c:program filesCommon FilesPX Storage Engine
2010-07-27 18:35 . 2010-07-27 18:35 -------- d-----w- c:program filesMy Company Name
2010-07-27 18:27 . 2010-07-27 18:27 -------- d-----w- c:program filesCommon FilesAdobe AIR
2010-07-27 18:05 . 2010-07-27 18:06 -------- d-----w- c:program filesDAEMON Tools Lite
2010-07-27 18:03 . 2010-07-27 18:03 -------- d-----w- c:usersAdministratorAppDataRoamingDAEMON Tools Pro
2010-07-27 18:03 . 2010-07-27 18:03 -------- d-----w- c:programdataDAEMON Tools Pro
2010-07-24 22:31 . 2010-07-24 22:31 -------- d-----w- c:programdataIObit
2010-07-24 22:25 . 2010-07-24 22:25 -------- d-----w- c:usersAdministratorAppDataRoamingIObit
2010-07-24 02:15 . 2010-07-24 02:15 -------- d-----w- c:program filesAdobe Media Player
2010-07-24 01:11 . 2010-07-24 01:11 -------- d-----w- c:programdataNexonUS
2010-07-23 07:16 . 2010-07-23 07:16 -------- d-----w- c:program filesiPod
2010-07-20 03:17 . 2010-07-20 03:17 -------- d-----w- c:program filesVVVVVV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 00:17 . 2010-01-10 08:15 -------- d-----w- c:usersAdministratorAppDataRoamingLimeWire
2010-08-09 04:43 . 2010-08-09 04:43 452104 ----a-w- c:usersAdministratorAppDataRoamingRealUpdatesetup3.12setup.exe
2010-08-06 03:23 . 2010-08-06 03:23 47364 ----a-w- c:programdataBlizzard EntertainmentBattle.netCacheDownloadScan.dll
2010-08-05 10:01 . 2010-01-26 02:51 -------- d-----w- c:usersAdministratorAppDataRoaminguTorrent
2010-08-04 02:33 . 2010-07-24 01:11 765952 ----a-w- c:programdataNexonUSNGMNGMDll.dll
2010-07-31 19:12 . 2009-12-23 11:26 -------- d-----w- c:program filesCommon FilesAdobe
2010-07-31 18:56 . 2010-07-31 18:56 10134 ----a-w- c:usersAdministratorAppDataRoamingMicrosoftInstaller{024521CF-C07E-4F8E-8481-0D75695E03AF}ARPPRODUCTICON.exe
2010-07-31 01:46 . 2009-12-23 11:28 -------- d-----w- c:program filesJava
2010-07-28 23:18 . 2009-12-23 11:36 -------- d-----w- c:programdataMicrosoft Help
2010-07-27 20:03 . 2009-12-23 11:33 -------- d-----w- c:programdataSpybot - Search & Destroy
2010-07-27 19:10 . 2009-12-26 00:47 109392 ----a-w- c:usersAdministratorAppDataLocalGDIPFONTCACHEV1.DAT
2010-07-27 18:27 . 2010-07-31 01:39 38784 ----a-w- c:usersAdministratorAppDataRoamingMacromediaFlash Playerwww.macromedia.combinairappinstallerairappinstaller.exe
2010-07-27 18:06 . 2010-05-13 00:11 -------- d-----w- c:program filesDAEMON Tools Toolbar
2010-07-26 23:09 . 2010-01-16 00:07 -------- d-----w- c:program filesReal
2010-07-24 01:12 . 2010-07-24 01:11 98304 ----a-w- c:programdataNexonUSNGMnpNxGameUS.dll
2010-07-24 01:12 . 2010-07-24 01:11 258352 ----a-w- c:programdataNexonUSNGMunicows.dll
2010-07-24 01:11 . 2010-07-24 01:11 401408 ----a-w- c:programdataNexonUSNGMNGMResource.dll
2010-07-24 01:11 . 2010-07-24 01:11 126976 ----a-w- c:programdataNexonUSNGMnxgameus.dll
2010-07-24 01:11 . 2010-07-24 01:11 172032 ----a-w- c:programdataNexonUSNGMNGM.exe
2010-07-23 07:21 . 2009-12-26 05:19 -------- d-----w- c:program filesiTunes
2010-07-23 07:16 . 2009-12-26 05:10 -------- d-----w- c:program filesCommon FilesApple
2010-07-23 07:05 . 2010-07-23 07:05 73000 ----a-w- c:programdataApple ComputerInstaller CacheiTunes 9.2.1.5SetupAdmin.exe
2010-07-16 11:07 . 2010-03-05 04:36 -------- d-----w- c:program filesSafari
2010-07-16 11:02 . 2010-07-16 11:02 71992 ----a-w- c:programdataApple ComputerInstaller CacheSafari 5.33.16.0SetupAdmin.exe
2010-07-01 03:31 . 2010-01-04 05:14 -------- d-----w- c:programdataYahoo! Companion
2010-07-01 00:49 . 2010-07-01 00:49 -------- d-----w- c:programdataOffice Genuine Advantage
2010-07-01 00:47 . 2010-02-21 05:05 -------- d-----w- c:program filesMicrosoft Silverlight
2010-06-22 05:05 . 2010-01-26 02:51 -------- d-----w- c:program filesAsk.com
2010-06-22 04:53 . 2010-02-23 23:55 -------- d-----w- c:programdataMcAfee Security Scan
2010-06-22 04:51 . 2009-12-26 05:17 -------- d-----w- c:program filesQuickTime
2010-06-22 04:50 . 2010-06-22 04:50 -------- d-----w- c:program filesApple Software Update
2010-06-22 04:50 . 2009-12-26 05:17 -------- d-----w- c:program filesBonjour
2010-06-22 04:21 . 2010-06-22 04:21 2944904 ----a-w- c:usersAdministratorAppDataRoamingMozillaFirefoxProfiles1ldcdv8r.defaultextensionstoolbar@ask.comchrometempaskToolbar.exe
2010-06-10 05:32 . 2010-06-10 05:32 45056 ----a-w- c:usersAdministratorAppDataRoamingMicrosoftInstaller{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}SIMEditor.exe_DAC0B88953594FDC893A2B8EF6B71B6F.exe
2010-06-10 05:32 . 2010-06-10 05:32 10134 ----a-w- c:usersAdministratorAppDataRoamingMicrosoftInstaller{DAC0B889-5359-4FDC-893A-2B8EF6B71B6F}ARPPRODUCTICON.exe
2010-05-27 07:24 . 2010-06-22 04:20 34304 ----a-w- c:windowssystem32atmlib.dll
2010-05-27 03:49 . 2010-06-22 04:20 293888 ----a-w- c:windowssystem32atmfd.dll
2010-05-21 21:14 . 2009-12-23 11:40 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-21 05:18 . 2010-06-22 04:20 977920 ----a-w- c:windowssystem32wininet.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:windowssystem32dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:windowssystem32dns-sd.exe
2010-05-17 23:23 . 2010-05-17 23:22 30544 ----a-w- c:windowsdirdib.drv
2010-05-17 23:23 . 2010-05-17 23:22 30464 ----a-w- c:windowsmacromix.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:windowsFontsStaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:windowswinsxsx86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86cWinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:program filesAsk.comGenericAskToolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program filesAsk.comGenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program filesAsk.comGenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Pando Media Booster"="c:program filesPando NetworksMedia BoosterPMB.exe" [2009-12-26 2935480]
"Search Protection"="c:program filesYahoo!Search ProtectionSearchProtection.exe" [2009-02-23 111856]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-01-16 39408]
"DAEMON Tools Lite"="c:program filesDAEMON Tools LiteDTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RtHDVCpl"="c:program filesRealtekAudioHDARtHDVCpl.exe" [2009-10-22 7858720]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2010-05-14 248552]
"RemoteControl"="c:program filesCyberLinkPowerDVDPDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:program filesCyberLinkPowerDVDLanguageLanguage.exe" [2006-12-06 54832]
"GrooveMonitor"="c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe" [2008-10-25 31072]
"YSearchProtection"="c:program filesYahoo!Search ProtectionSearchProtection.exe" [2009-02-23 111856]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2010-01-16 185896]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2010-07-13 47904]
"SBAMTray"="c:program filesSunbelt SoftwareVIPRESBAMTray.exe" [2010-04-19 1291600]
"QuickTime Task"="c:program filesQuickTimeQTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2010-07-21 141608]
"AdobeAAMUpdater-1.0"="c:program filesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:program filesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

c:usersAdministratorAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
LimeWire On Startup.lnk - c:program filesLimeWireLimeWire.exe [2010-3-23 503808]
OneNote 2007 Screen Clipper and Launcher.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2009-2-26 97680]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
McAfee Security Scan Plus.lnk - c:program filesMcAfee Security Scan2.0.181SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalSBPIMSvc]
@="Service"

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan2.0.181McCHSvc.exe [2010-01-15 227232]
R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des [2009-09-03 3347280]
R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:program filesCommon FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-05-13 1343400]
R4 sptd;sptd;c:windowssystem32Driverssptd.sys [2010-05-13 691696]
S1 SBRE;SBRE;c:windowssystem32driversSBREDrv.sys [2009-10-13 95024]
S1 SbTis;SbTis;c:windowssystem32driverssbtis.sys [2010-03-11 204632]
S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2009-08-18 176128]
S2 SBAMSvc;VIPRE Antivirus;c:program filesSunbelt SoftwareVIPRESBAMSvc.exe [2010-04-19 2726000]
S2 sbapifs;sbapifs;c:windowssystem32DRIVERSsbapifs.sys [2010-01-04 69720]
S2 SBPIMSvc;SB Recovery Service;c:program filesSunbelt SoftwareVIPRESBPIMSvc.exe [2010-04-19 181584]
S2 SBSDWSCService;SBSD Security Center Service;c:program filesSpybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]
S2 XobniService;XobniService;c:program filesXobniXobniService.exe [2009-07-14 44776]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:windowssystem32driverbleepmanpro35.sys [2010-08-11 16968]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60x.sys [2009-07-13 229888]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - HITMANPRO35
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -
FF - ProfilePath - c:usersAdministratorAppDataRoamingMozillaFirefoxProfiles1ldcdv8r.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15153&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=1B8D4C3F-8EF9-49EC-92BD-35B62C691F57&apn_ptnrs=UF&apn_sauid=A1A15E1E-1B60-4FEC-8A4A-118FB6949941&apn_dtid=&q=
FF - component: c:program filesAdobeAdobe Contribute CS5PluginsFirefoxPlugin{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}componentsContribute.dll
FF - component: c:usersAdministratorAppDataRoamingMozillaFirefoxProfiles1ldcdv8r.defaultextensionsDTToolbar@toolbarnet.comcomponentsDTToolbarFF.dll
FF - plugin: c:program filesJavajre6binnew_pluginnpdeployJava1.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpContribute.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpdeployJava1.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpPandoWebInst.dll
FF - plugin: c:programdataNexonUSNGMnpNxGameUS.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

BHO-{5B291E6C-9A74-4034-971B-A4B007A0B315} - c:program filesPlayBoxtoolbar.ni.dll
Toolbar-Locked - (no file)
Toolbar-{5B291E6C-9A74-4034-971B-A4B007A0B315} - c:program filesPlayBoxtoolbar.ni.dll
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - c:program filesPlayBoxtoolbar.ni.dll
AddRemove-{FBB02B04-C034-4382-A3F6-57416E2752C4} - c:program filesCommon FilesAdobeOOBEPDAppcorePDApp.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86415B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85203dc0
QueryNameProcedure -> 0x85203f50
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINEsystemControlSet001servicesnpggsvc]
"ImagePath"="c:windowssystem32GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftInternet ExplorerUser Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,a9,8f,a9,22,3f,a4,4a,9f,c9,f9,
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,18,e8,e1,3b,b5,1f,49,b3,1c,1f,
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,18,e8,e1,3b,b5,1f,49,b3,1c,1f,

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.3g2UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.3gpUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.3gp2UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.3gppUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.AACUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ADTUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ADTSUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aifUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aifcUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aiffUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.asfUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.asxUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.auUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.aviUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cdaUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.cddaUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.gifUserChoice]
@Denied: (2) (Administrator)
"Progid"="Applicationsphotoviewer.dll"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ipaUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ipgUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ipswUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.itdbUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.iteUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.itlUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.itlpUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.itmsUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.itpcUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.jpgUserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m1vUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m2tUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m2tsUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m2vUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m3uUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m3u8UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m4aUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m4bUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m4pUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m4rUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.m4vUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mhtUserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mhtmlUserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.midUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.midiUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.modUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.movUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mp2UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mp2vUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mp3UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mp4UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mp4vUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mpaUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mpeUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mpegUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mpgUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mpv2UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.mtsUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.oldUserChoice]
@Denied: (2) (Administrator)
"Progid"="old_auto_file"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pcastUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.plsUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.pngUserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.rmiUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.sndUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.tsUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.ttsUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.urlUserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wavUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.waveUserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.waxUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmaUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmdUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmsUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmvUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmxUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wmzUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wplUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.wvxUserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERSS-1-5-21-890758347-3072624808-1394239574-500SoftwareSecuROMLicense information*]
"datasecu"=hex:e1,f7,43,48,06,41,c0,43,bc,98,67,bd,49,16,51,14,fc,51,94,f3,eb,
54,a6,58,47,c1,75,64,8f,f9,a4,0d,53,ea,44,85,1b,8b,23,e2,b8,7a,11,8f,1e,13,
"rkeysecu"=hex:66,54,7a,6a,df,63,25,22,ce,92,e0,57,3d,56,9d,44

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3180)
c:program filesSunbelt SoftwareVIPREoehook.dll
.
------------------------ Other Running Processes ------------------------
.
c:windowssystem32atieclxx.exe
c:program filesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
c:program filesBonjourmDNSResponder.exe
c:windowssystem32DRIVERSxaudio.exe
c:program filesYahoo!SoftwareUpdateYahooAUService.exe
c:windowssystem32taskhost.exe
c:windowssystem32conhost.exe
c:program filesiPodbiniPodService.exe
c:program filesWindows Media Playerwmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-10 17:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-11 00:24

Pre-Run: 165,693,235,200 bytes free
Post-Run: 165,759,295,488 bytes free

- - End Of File - - B3F8890B5E0FC39A50E65E19E1DE9DDD


Awaiting your response

UPDATE: Ever since running combofix, the google link redirecting has stopped. However, Hitman is still detecting a TDL3 variant, and tracking cookies from places like ad(.)yieldmanager(.)com (sans the parenthesis) that cannot be removed.

Merged posts. ~ OB
Merged another post ~BP


Google redirect is back.

Edited by Budapest, 14 August 2010 - 07:00 PM.


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 17 August 2010 - 04:48 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 17 August 2010 - 08:50 PM


DDS (Ver_10-03-17.01) - NTFSx86
DDS log:
Run by Administrator at 18:13:13.85 on Tue 08/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2814.1522 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0GJEY49\dds[1].scr
C:\Windows\system32\conhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 133.1.16.172:3128
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} -
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\1ldcdv8r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15153&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=1B8D4C3F-8EF9-49EC-92BD-35B62C691F57&apn_ptnrs=UF&apn_sauid=A1A15E1E-1B60-4FEC-8A4A-118FB6949941&apn_dtid=&q=
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\1ldcdv8r.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-5-27 204632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-4-19 2726000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-1-4 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-4-19 181584]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-27 1153368]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-7-14 44776]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-8-10 16968]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]

=============== Created Last 30 ================

2010-08-17 02:13:39 0 d-----w- c:\users\admini~1\appdata\roaming\cYo
2010-08-17 00:31:46 0 d-----w- c:\program files\ComicRack
2010-08-16 08:00:00 0 ----a-w- c:\windows\system32\SBRC.dat
2010-08-11 00:24:01 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-11 00:21:49 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-10 23:51:04 98816 ----a-w- c:\windows\sed.exe
2010-08-10 23:51:04 77312 ----a-w- c:\windows\MBR.exe
2010-08-10 23:51:04 256512 ----a-w- c:\windows\PEV.exe
2010-08-10 23:51:04 161792 ----a-w- c:\windows\SWREG.exe
2010-08-10 23:00:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-10 22:59:47 0 d-----w- c:\programdata\Hitman Pro
2010-08-10 22:59:42 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-10 22:50:23 0 d-----w- c:\program files\Trend Micro
2010-08-05 06:22:52 0 d-----w- c:\programdata\Blizzard Entertainment
2010-08-05 06:22:51 0 d-----w- c:\program files\StarCraft II
2010-08-05 06:22:51 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-07-31 20:07:26 0 d-----w- c:\users\admini~1\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-07-31 19:16:01 0 d-----w- c:\programdata\ALM
2010-07-31 19:10:36 0 d-----w- c:\users\administrator\Adobe Flash Builder 4
2010-07-31 01:47:42 0 d-----w- c:\programdata\Sun
2010-07-31 01:47:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-29 10:19:53 0 d-----w- c:\program files\Wise Registry Cleaner
2010-07-28 22:22:50 0 d-----w- c:\program files\vLite
2010-07-27 19:54:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 19:48:02 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-07-27 19:23:48 0 d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-07-27 19:23:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 19:23:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 19:23:36 0 d-----w- c:\programdata\Malwarebytes
2010-07-27 19:23:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 18:35:42 0 d-----w- c:\program files\My Company Name
2010-07-27 18:35:42 0 d-----w- c:\program files\common files\PX Storage Engine
2010-07-27 18:05:39 0 d-----w- c:\program files\DAEMON Tools Lite
2010-07-27 18:03:49 0 d-----w- c:\users\admini~1\appdata\roaming\DAEMON Tools Pro
2010-07-27 18:03:49 0 d-----w- c:\programdata\DAEMON Tools Pro
2010-07-24 22:31:24 0 d-----w- c:\programdata\IObit
2010-07-24 22:25:40 0 d-----w- c:\users\admini~1\appdata\roaming\IObit
2010-07-24 01:11:51 0 d-----w- c:\programdata\NexonUS
2010-07-23 07:16:49 0 d-----w- c:\program files\iPod
2010-07-20 03:17:18 0 d-----w- c:\program files\VVVVVV

==================== Find3M ====================

2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 04:38:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-29 00:58:08 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:16:24.60 ===============

Attached Files

  • Attached File  ark.txt   33.83KB   4 downloads


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 18 August 2010 - 04:04 PM

Hello abc123456789,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

3.
Download Bootkit remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

4.
Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



Things to include in your next reply::
TDSS-Killer log
MBRcheck log
Bootkit remover log
RkuUnhooker log
How is your amchine running now?
Does your computer connect to the internet through a Router?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 18 August 2010 - 04:37 PM

It says no problems were found.
2010/08/18 14:21:14.0843 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/18 14:21:14.0844 ================================================================================
2010/08/18 14:21:14.0844 SystemInfo:
2010/08/18 14:21:14.0844
2010/08/18 14:21:14.0844 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/18 14:21:14.0844 Product type: Workstation
2010/08/18 14:21:14.0844 ComputerName: MININT-IOIGUVH
2010/08/18 14:21:14.0846 UserName: Administrator
2010/08/18 14:21:14.0846 Windows directory: C:\Windows
2010/08/18 14:21:14.0846 System windows directory: C:\Windows
2010/08/18 14:21:14.0846 Processor architecture: Intel x86
2010/08/18 14:21:14.0846 Number of processors: 2
2010/08/18 14:21:14.0847 Page size: 0x1000
2010/08/18 14:21:14.0847 Boot type: Normal boot
2010/08/18 14:21:14.0847 ================================================================================
2010/08/18 14:21:15.0217 Initialize success
2010/08/18 14:21:18.0162 ================================================================================
2010/08/18 14:21:18.0163 Scan started
2010/08/18 14:21:18.0163 Mode: Manual;
2010/08/18 14:21:18.0163 ================================================================================
2010/08/18 14:21:20.0440 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/18 14:21:20.0535 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/18 14:21:20.0576 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/18 14:21:20.0713 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/18 14:21:20.0775 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/18 14:21:20.0825 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/18 14:21:20.0945 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/18 14:21:20.0988 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/18 14:21:21.0041 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/18 14:21:21.0102 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/18 14:21:21.0147 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/18 14:21:21.0189 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/18 14:21:21.0237 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/18 14:21:21.0294 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/18 14:21:21.0355 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/18 14:21:21.0406 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/18 14:21:21.0471 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/18 14:21:21.0518 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/08/18 14:21:21.0695 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/08/18 14:21:21.0753 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/18 14:21:21.0850 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/18 14:21:21.0905 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/18 14:21:21.0993 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/08/18 14:21:22.0288 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/18 14:21:22.0594 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/08/18 14:21:22.0692 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/18 14:21:22.0773 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/08/18 14:21:22.0862 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/18 14:21:22.0932 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/18 14:21:22.0971 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/18 14:21:23.0006 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/18 14:21:23.0075 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/08/18 14:21:23.0112 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/18 14:21:23.0157 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/18 14:21:23.0198 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/18 14:21:23.0241 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/18 14:21:23.0520 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/18 14:21:23.0624 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/18 14:21:23.0686 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/18 14:21:23.0748 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/08/18 14:21:23.0843 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/18 14:21:23.0891 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/18 14:21:23.0963 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/08/18 14:21:24.0019 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/18 14:21:24.0075 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/18 14:21:24.0138 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/18 14:21:24.0229 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/08/18 14:21:24.0346 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/08/18 14:21:24.0398 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/08/18 14:21:24.0459 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/08/18 14:21:24.0556 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/08/18 14:21:24.0635 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/18 14:21:24.0902 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/08/18 14:21:25.0095 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/18 14:21:25.0149 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/18 14:21:25.0238 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/08/18 14:21:25.0290 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/08/18 14:21:25.0330 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/18 14:21:25.0428 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/08/18 14:21:25.0469 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/08/18 14:21:25.0502 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/18 14:21:25.0578 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/08/18 14:21:25.0648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/08/18 14:21:25.0692 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/18 14:21:25.0737 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/18 14:21:25.0799 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/18 14:21:25.0870 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/18 14:21:25.0941 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/18 14:21:26.0007 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/08/18 14:21:26.0064 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/18 14:21:26.0111 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/18 14:21:26.0147 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/18 14:21:26.0201 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/18 14:21:26.0257 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/18 14:21:26.0348 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/18 14:21:26.0442 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/08/18 14:21:26.0519 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/08/18 14:21:26.0592 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/08/18 14:21:26.0669 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/18 14:21:26.0722 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/18 14:21:26.0791 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/18 14:21:26.0848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/18 14:21:27.0062 IntcAzAudAddService (810ad686e0c342817b24a631f734850c) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/18 14:21:27.0271 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/18 14:21:27.0325 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/18 14:21:27.0373 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/18 14:21:27.0430 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/18 14:21:27.0473 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/08/18 14:21:27.0560 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/08/18 14:21:27.0604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/18 14:21:27.0655 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/18 14:21:27.0724 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/08/18 14:21:27.0785 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/18 14:21:27.0836 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/18 14:21:27.0915 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/18 14:21:27.0954 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/18 14:21:28.0072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/18 14:21:28.0171 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/18 14:21:28.0212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/18 14:21:28.0256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/18 14:21:28.0298 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/18 14:21:28.0355 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/08/18 14:21:28.0416 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/08/18 14:21:28.0456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/18 14:21:28.0520 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/18 14:21:28.0593 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/08/18 14:21:28.0645 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/18 14:21:28.0701 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/18 14:21:28.0765 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/18 14:21:28.0820 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/08/18 14:21:28.0865 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/18 14:21:28.0925 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/18 14:21:28.0982 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/18 14:21:29.0044 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/18 14:21:29.0096 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/18 14:21:29.0169 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/18 14:21:29.0239 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/18 14:21:29.0277 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/18 14:21:29.0382 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/08/18 14:21:29.0422 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/18 14:21:29.0456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/18 14:21:29.0548 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/18 14:21:29.0586 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/18 14:21:29.0632 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/08/18 14:21:29.0684 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/08/18 14:21:29.0740 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/18 14:21:29.0779 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/08/18 14:21:29.0828 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/18 14:21:29.0871 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/08/18 14:21:29.0954 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/18 14:21:30.0018 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/08/18 14:21:30.0075 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/18 14:21:30.0129 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/18 14:21:30.0174 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/18 14:21:30.0213 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/18 14:21:30.0255 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/08/18 14:21:30.0325 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/18 14:21:30.0363 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/18 14:21:30.0525 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/08/18 14:21:30.0598 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/08/18 14:21:30.0693 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/18 14:21:30.0804 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/08/18 14:21:30.0915 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/08/18 14:21:30.0976 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/08/18 14:21:31.0019 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/18 14:21:31.0072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/08/18 14:21:31.0123 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/18 14:21:31.0236 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/08/18 14:21:31.0304 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/08/18 14:21:31.0341 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/08/18 14:21:31.0427 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/08/18 14:21:31.0472 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/08/18 14:21:31.0522 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/18 14:21:31.0570 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/08/18 14:21:31.0623 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/08/18 14:21:31.0891 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/18 14:21:31.0933 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/08/18 14:21:32.0031 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/18 14:21:32.0086 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/18 14:21:32.0198 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/08/18 14:21:32.0314 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/08/18 14:21:32.0372 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/18 14:21:32.0412 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/18 14:21:32.0486 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/18 14:21:32.0542 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/18 14:21:32.0608 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/18 14:21:32.0652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/18 14:21:32.0733 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/18 14:21:32.0775 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/08/18 14:21:32.0819 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/18 14:21:32.0876 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/08/18 14:21:32.0932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/18 14:21:32.0988 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/18 14:21:33.0046 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/08/18 14:21:33.0121 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/08/18 14:21:33.0270 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/18 14:21:33.0309 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/08/18 14:21:33.0457 sbapifs (9215ce4563c5d1e402c85e5cfbf51488) C:\Windows\system32\DRIVERS\sbapifs.sys
2010/08/18 14:21:33.0525 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/08/18 14:21:33.0624 SBRE (06cf3163f98aa1b8b6812b7d2d60941a) C:\Windows\system32\drivers\SBREDrv.sys
2010/08/18 14:21:33.0706 SbTis (bc43437fd8472d0bea2e142b04c4d5fa) C:\Windows\system32\drivers\sbtis.sys
2010/08/18 14:21:33.0776 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/18 14:21:33.0861 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/18 14:21:33.0981 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
2010/08/18 14:21:34.0018 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/18 14:21:34.0057 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/08/18 14:21:34.0097 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/08/18 14:21:34.0193 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/18 14:21:34.0237 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/18 14:21:34.0277 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/18 14:21:34.0320 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/18 14:21:34.0392 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/08/18 14:21:34.0469 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/18 14:21:34.0515 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/18 14:21:34.0564 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/08/18 14:21:34.0664 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/08/18 14:21:34.0832 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/18 14:21:34.0926 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/08/18 14:21:34.0992 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/18 14:21:35.0077 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/08/18 14:21:35.0169 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/08/18 14:21:35.0258 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/08/18 14:21:35.0338 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/18 14:21:35.0420 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/08/18 14:21:35.0499 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/08/18 14:21:35.0557 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/08/18 14:21:35.0596 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/18 14:21:35.0808 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/08/18 14:21:35.0935 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/18 14:21:36.0006 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/18 14:21:36.0071 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/08/18 14:21:36.0112 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/08/18 14:21:36.0159 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/18 14:21:36.0204 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/18 14:21:36.0334 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/18 14:21:36.0456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/18 14:21:36.0513 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/18 14:21:36.0561 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/18 14:21:36.0645 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/18 14:21:36.0704 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/18 14:21:36.0738 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/18 14:21:36.0849 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/18 14:21:36.0892 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/18 14:21:36.0927 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/18 14:21:36.0976 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/18 14:21:37.0034 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/18 14:21:37.0078 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/18 14:21:37.0128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/18 14:21:37.0174 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/18 14:21:37.0208 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/18 14:21:37.0287 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/18 14:21:37.0388 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/18 14:21:37.0444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/18 14:21:37.0499 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/08/18 14:21:37.0561 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/18 14:21:37.0603 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/08/18 14:21:37.0646 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/08/18 14:21:37.0701 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/18 14:21:37.0745 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/08/18 14:21:37.0781 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/08/18 14:21:37.0853 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/18 14:21:37.0908 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/08/18 14:21:37.0975 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/18 14:21:38.0041 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/18 14:21:38.0101 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/08/18 14:21:38.0157 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/18 14:21:38.0238 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/18 14:21:38.0312 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 14:21:38.0352 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 14:21:38.0505 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/18 14:21:38.0566 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/18 14:21:38.0720 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/18 14:21:38.0761 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/18 14:21:38.0859 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/08/18 14:21:39.0049 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/18 14:21:39.0115 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/18 14:21:39.0224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/18 14:21:39.0324 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/18 14:21:39.0381 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/18 14:21:39.0465 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/08/18 14:21:39.0619 ================================================================================
2010/08/18 14:21:39.0619 Scan finished
2010/08/18 14:21:39.0619 ================================================================================

MBR says its found something

2010/08/18 14:21:14.0843 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/18 14:21:14.0844 ================================================================================
2010/08/18 14:21:14.0844 SystemInfo:
2010/08/18 14:21:14.0844
2010/08/18 14:21:14.0844 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/18 14:21:14.0844 Product type: Workstation
2010/08/18 14:21:14.0844 ComputerName: MININT-IOIGUVH
2010/08/18 14:21:14.0846 UserName: Administrator
2010/08/18 14:21:14.0846 Windows directory: C:\Windows
2010/08/18 14:21:14.0846 System windows directory: C:\Windows
2010/08/18 14:21:14.0846 Processor architecture: Intel x86
2010/08/18 14:21:14.0846 Number of processors: 2
2010/08/18 14:21:14.0847 Page size: 0x1000
2010/08/18 14:21:14.0847 Boot type: Normal boot
2010/08/18 14:21:14.0847 ================================================================================
2010/08/18 14:21:15.0217 Initialize success
2010/08/18 14:21:18.0162 ================================================================================
2010/08/18 14:21:18.0163 Scan started
2010/08/18 14:21:18.0163 Mode: Manual;
2010/08/18 14:21:18.0163 ================================================================================
2010/08/18 14:21:20.0440 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/18 14:21:20.0535 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/18 14:21:20.0576 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/18 14:21:20.0713 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/18 14:21:20.0775 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/18 14:21:20.0825 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/18 14:21:20.0945 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/18 14:21:20.0988 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/18 14:21:21.0041 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/18 14:21:21.0102 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/18 14:21:21.0147 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/18 14:21:21.0189 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/18 14:21:21.0237 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/18 14:21:21.0294 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/18 14:21:21.0355 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/18 14:21:21.0406 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/18 14:21:21.0471 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/18 14:21:21.0518 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/08/18 14:21:21.0695 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/08/18 14:21:21.0753 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/18 14:21:21.0850 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/18 14:21:21.0905 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/18 14:21:21.0993 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2010/08/18 14:21:22.0288 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/18 14:21:22.0594 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/08/18 14:21:22.0692 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/18 14:21:22.0773 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/08/18 14:21:22.0862 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/18 14:21:22.0932 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/18 14:21:22.0971 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/18 14:21:23.0006 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/18 14:21:23.0075 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/08/18 14:21:23.0112 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/18 14:21:23.0157 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/18 14:21:23.0198 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/18 14:21:23.0241 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/18 14:21:23.0520 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/18 14:21:23.0624 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/18 14:21:23.0686 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/18 14:21:23.0748 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/08/18 14:21:23.0843 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/18 14:21:23.0891 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/18 14:21:23.0963 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/08/18 14:21:24.0019 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/18 14:21:24.0075 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/18 14:21:24.0138 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/18 14:21:24.0229 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/08/18 14:21:24.0346 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/08/18 14:21:24.0398 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/08/18 14:21:24.0459 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/08/18 14:21:24.0556 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/08/18 14:21:24.0635 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/18 14:21:24.0902 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/08/18 14:21:25.0095 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/18 14:21:25.0149 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/18 14:21:25.0238 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/08/18 14:21:25.0290 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/08/18 14:21:25.0330 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/18 14:21:25.0428 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/08/18 14:21:25.0469 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/08/18 14:21:25.0502 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/18 14:21:25.0578 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/08/18 14:21:25.0648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/08/18 14:21:25.0692 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/18 14:21:25.0737 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/18 14:21:25.0799 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/18 14:21:25.0870 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/18 14:21:25.0941 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/18 14:21:26.0007 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/08/18 14:21:26.0064 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/18 14:21:26.0111 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/18 14:21:26.0147 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/18 14:21:26.0201 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/18 14:21:26.0257 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/18 14:21:26.0348 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/18 14:21:26.0442 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/08/18 14:21:26.0519 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/08/18 14:21:26.0592 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/08/18 14:21:26.0669 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/18 14:21:26.0722 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/18 14:21:26.0791 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/18 14:21:26.0848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/18 14:21:27.0062 IntcAzAudAddService (810ad686e0c342817b24a631f734850c) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/18 14:21:27.0271 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/18 14:21:27.0325 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/18 14:21:27.0373 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/18 14:21:27.0430 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/18 14:21:27.0473 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/08/18 14:21:27.0560 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/08/18 14:21:27.0604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/18 14:21:27.0655 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/18 14:21:27.0724 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/08/18 14:21:27.0785 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/18 14:21:27.0836 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/18 14:21:27.0915 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/18 14:21:27.0954 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/18 14:21:28.0072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/18 14:21:28.0171 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/18 14:21:28.0212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/18 14:21:28.0256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/18 14:21:28.0298 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/18 14:21:28.0355 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/08/18 14:21:28.0416 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/08/18 14:21:28.0456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/18 14:21:28.0520 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/18 14:21:28.0593 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/08/18 14:21:28.0645 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/18 14:21:28.0701 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/18 14:21:28.0765 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/18 14:21:28.0820 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/08/18 14:21:28.0865 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/18 14:21:28.0925 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/18 14:21:28.0982 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/18 14:21:29.0044 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/18 14:21:29.0096 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/18 14:21:29.0169 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/18 14:21:29.0239 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/18 14:21:29.0277 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/18 14:21:29.0382 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/08/18 14:21:29.0422 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/18 14:21:29.0456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/18 14:21:29.0548 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/18 14:21:29.0586 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/18 14:21:29.0632 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/08/18 14:21:29.0684 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/08/18 14:21:29.0740 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/18 14:21:29.0779 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/08/18 14:21:29.0828 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/18 14:21:29.0871 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/08/18 14:21:29.0954 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/18 14:21:30.0018 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/08/18 14:21:30.0075 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/18 14:21:30.0129 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/18 14:21:30.0174 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/18 14:21:30.0213 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/18 14:21:30.0255 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/08/18 14:21:30.0325 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/18 14:21:30.0363 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/18 14:21:30.0525 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/08/18 14:21:30.0598 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/08/18 14:21:30.0693 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/18 14:21:30.0804 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/08/18 14:21:30.0915 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/08/18 14:21:30.0976 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/08/18 14:21:31.0019 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/08/18 14:21:31.0072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/08/18 14:21:31.0123 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/18 14:21:31.0236 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/08/18 14:21:31.0304 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/08/18 14:21:31.0341 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/08/18 14:21:31.0427 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/08/18 14:21:31.0472 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/08/18 14:21:31.0522 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/18 14:21:31.0570 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/08/18 14:21:31.0623 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/08/18 14:21:31.0891 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/18 14:21:31.0933 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/08/18 14:21:32.0031 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/18 14:21:32.0086 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/18 14:21:32.0198 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/08/18 14:21:32.0314 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/08/18 14:21:32.0372 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/18 14:21:32.0412 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/18 14:21:32.0486 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/08/18 14:21:32.0542 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/18 14:21:32.0608 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/18 14:21:32.0652 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/18 14:21:32.0733 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/18 14:21:32.0775 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/08/18 14:21:32.0819 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/18 14:21:32.0876 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/08/18 14:21:32.0932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/18 14:21:32.0988 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/08/18 14:21:33.0046 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/08/18 14:21:33.0121 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/08/18 14:21:33.0270 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/18 14:21:33.0309 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/08/18 14:21:33.0457 sbapifs (9215ce4563c5d1e402c85e5cfbf51488) C:\Windows\system32\DRIVERS\sbapifs.sys
2010/08/18 14:21:33.0525 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/08/18 14:21:33.0624 SBRE (06cf3163f98aa1b8b6812b7d2d60941a) C:\Windows\system32\drivers\SBREDrv.sys
2010/08/18 14:21:33.0706 SbTis (bc43437fd8472d0bea2e142b04c4d5fa) C:\Windows\system32\drivers\sbtis.sys
2010/08/18 14:21:33.0776 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/08/18 14:21:33.0861 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/18 14:21:33.0981 Ser2pl (cb3e852b818946f396e35a976ee6b552) C:\Windows\system32\DRIVERS\ser2pl.sys
2010/08/18 14:21:34.0018 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/08/18 14:21:34.0057 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/08/18 14:21:34.0097 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/08/18 14:21:34.0193 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/18 14:21:34.0237 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/08/18 14:21:34.0277 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/18 14:21:34.0320 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/08/18 14:21:34.0392 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/08/18 14:21:34.0469 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/08/18 14:21:34.0515 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/08/18 14:21:34.0564 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/08/18 14:21:34.0664 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/08/18 14:21:34.0832 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/08/18 14:21:34.0926 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/08/18 14:21:34.0992 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/18 14:21:35.0077 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/08/18 14:21:35.0169 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/08/18 14:21:35.0258 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/08/18 14:21:35.0338 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/18 14:21:35.0420 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/08/18 14:21:35.0499 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/08/18 14:21:35.0557 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/08/18 14:21:35.0596 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/18 14:21:35.0808 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/08/18 14:21:35.0935 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/18 14:21:36.0006 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/18 14:21:36.0071 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/08/18 14:21:36.0112 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/08/18 14:21:36.0159 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/18 14:21:36.0204 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/18 14:21:36.0334 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/18 14:21:36.0456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/18 14:21:36.0513 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/18 14:21:36.0561 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/18 14:21:36.0645 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/18 14:21:36.0704 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/18 14:21:36.0738 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/18 14:21:36.0849 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/18 14:21:36.0892 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/18 14:21:36.0927 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/18 14:21:36.0976 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/18 14:21:37.0034 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/18 14:21:37.0078 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/18 14:21:37.0128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/18 14:21:37.0174 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/18 14:21:37.0208 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/18 14:21:37.0287 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/18 14:21:37.0388 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/18 14:21:37.0444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/18 14:21:37.0499 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/08/18 14:21:37.0561 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/18 14:21:37.0603 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/08/18 14:21:37.0646 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/08/18 14:21:37.0701 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/18 14:21:37.0745 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/08/18 14:21:37.0781 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/08/18 14:21:37.0853 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/18 14:21:37.0908 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/08/18 14:21:37.0975 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/18 14:21:38.0041 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/18 14:21:38.0101 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/08/18 14:21:38.0157 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/18 14:21:38.0238 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/18 14:21:38.0312 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 14:21:38.0352 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 14:21:38.0505 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/18 14:21:38.0566 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/18 14:21:38.0720 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/18 14:21:38.0761 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/18 14:21:38.0859 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/08/18 14:21:39.0049 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/18 14:21:39.0115 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/18 14:21:39.0224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/18 14:21:39.0324 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/18 14:21:39.0381 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/18 14:21:39.0465 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/08/18 14:21:39.0619 ================================================================================
2010/08/18 14:21:39.0619 Scan finished
2010/08/18 14:21:39.0619 ================================================================================

Bootkit:
.\debug.cpp(238) : Debug log started at 18.08.2010 - 21:28:28
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : © 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 Enterprise Edition (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82a3f000 0x00410000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82a08000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x8647b000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8302e000 0x0000b000 "\SystemRoot\system32\mcupdate_AuthenticAMD.dll"
.\debug.cpp(256) : 0x83039000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8304a000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x83052000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x83094000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8313f000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x831b0000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x83215000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x8325d000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x83266000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x8326e000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x83279000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x832a3000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x832b4000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x832bc000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x832c7000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x832d7000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x83322000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x83338000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x83341000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x83364000 0x0000a000 "\SystemRoot\system32\DRIVERS\msahci.sys"
.\debug.cpp(256) : 0x8336e000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x8337c000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x83385000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x833b9000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x833ca000 0x0000a000 "\SystemRoot\System32\Drivers\PxHelp20.sys"
.\debug.cpp(256) : 0x8a617000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x8a746000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x8a771000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x8a784000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x8a7e1000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x8a7ef000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x8a80e000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8a8c5000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8a903000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8aa29000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8ab72000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8aba3000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8abac000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8abeb000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8a928000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8aa00000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8aa10000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8a955000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8aa18000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8a987000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8a9d2000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8a9f1000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8a9f8000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8a600000 0x00016000 "\SystemRoot\system32\drivers\SBREDrv.sys"
.\debug.cpp(256) : 0x8a800000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x833d4000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x83200000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8a7f8000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8320d000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x833f5000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x831be000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x831c9000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x831d7000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x831ee000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x9000b000 0x00031000 "\SystemRoot\system32\drivers\sbtis.sys"
.\debug.cpp(256) : 0x9003c000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x90096000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x900c8000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x900cf000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x900ee000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x900ff000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x9010d000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x90120000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x90130000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x90171000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x9017b000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x90185000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x90191000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x83000000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x83018000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x90417000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x90438000 0x00011000 "\SystemRoot\system32\DRIVERS\amdppm.sys"
.\debug.cpp(256) : 0x90449000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x90a1d000 0x00515000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x90f32000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x90452000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x9048b000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x904aa000 0x0003c000 "\SystemRoot\system32\DRIVERS\k57nd60x.sys"
.\debug.cpp(256) : 0x9101f000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x9114c000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x91156000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x9115c000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x91166000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x911b1000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x911c0000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x911c4000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x911dc000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x911e9000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x91000000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x9100d000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x90a00000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x90fe9000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x904e6000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x90508000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x90520000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x90537000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x911f6000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x90ff4000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x9054e000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x90582000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x90590000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x905d4000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x97016000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x97066000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x97095000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x97a11000 0x002a6000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x97cb7000 0x0003d000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys"
.\debug.cpp(256) : 0x97cf4000 0x00103000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
.\debug.cpp(256) : 0x970ae000 0x000b4000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
.\debug.cpp(256) : 0x97a00000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x97162000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x9716f000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x9717a000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
.\debug.cpp(256) : 0x97184000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x98960000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x97195000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x9719f000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x97a0d000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x971b6000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x98bc0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x98800000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x98820000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x971e5000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x97000000 0x00010000 "\SystemRoot\system32\DRIVERS\sbapifs.sys"
.\debug.cpp(256) : 0x905e5000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x90400000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9a639000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9a67f000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9a68f000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9a6a2000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9a727000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9a740000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9a752000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9a775000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9a7b0000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9a7e3000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0x9e61f000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9e6b6000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9e6c0000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9e6e1000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9e6ee000 0x00008000 "\SystemRoot\system32\DRIVERS\xaudio.sys"
.\debug.cpp(256) : 0x9e6f6000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9e745000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xabaa2000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xabaab000 0x00017000 "\??\C:\Users\ADMINI~1\AppData\Local\Temp\awlirpog.sys"
.\debug.cpp(256) : 0xabb1a000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x771b0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47900000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x773f0000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00180000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x773d0000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x77050000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x77320000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x76fb0000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x76f60000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x76ed0000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x772f0000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x76d30000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76ce0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x76ca0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x76c90000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x76c80000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x76030000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75f90000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75e50000 0x00135000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x75df0000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x75d60000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x75ce0000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x75c80000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x75bb0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x75ab0000 0x000f4000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x758b0000 0x001f9000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x75890000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x75880000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x757a0000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000#4&38a09e34&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ab8e7c5&0&2#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&4745c48&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&e51765b&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D6AF7451-9BBB-4353-A04F-4DD0575B5F43}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ab8e7c5&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000053"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000064"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{006E0404-21E3-46B1-9D54-E4088A7AEE04}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7ec4353&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\XAudio"
.\debug.cpp(400) : Destination="\Device\XAudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10#001F16FFFEB3343500#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC3046#5&1548069f&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#5&7a395e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination="\Device\vwififlt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&4aa1d6c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\Winachsf0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a55a3dc5-efb4-11de-ab0b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) : Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a55a3dc6-efb4-11de-ab0b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a55a3dc9-efb4-11de-ab0b-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{a55a3dc2-efb4-11de-ab0b-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&364984e7&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103#CN0314-SN30-OV035-VA-R05.00.00#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\awlirpog"
.\debug.cpp(400) : Destination="\Device\awlirpog"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000049"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E006105B&REV_01#4&f3fd603&0&0028#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SBTIS_SharedSection0"
.\debug.cpp(400) : Destination="\BaseNamedObjects\SBTIS_SharedSection0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination="\Device\00000064"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ab8e7c5&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250093&REV_1000#4&38a09e34&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS1#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&4745c48&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000061"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#SEC3046#5&1548069f&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination="\Device\0000007d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SbTis"
.\debug.cpp(400) : Destination="\Device\SbTis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SBRE"
.\debug.cpp(400) : Destination="\Device\SBRE"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SBTIS_HighEvent0"
.\debug.cpp(400) : Destination="\BaseNamedObjects\SBTIS_HighEvent0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination="\Device\HSF_MDMDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4398&SUBSYS_02061025&REV_00#3&2411e6fe&1&91#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_17_Model_3_-_AMD_Athlon™_X2_Dual-Core_QL-64#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination="\Device\nativewifip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_02061025&REV_00#3&2411e6fe&1&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3AD5DFAD-DCC6-4B0A-A974-7DE9637C686A}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_1698&SUBSYS_02071025&REV_10#001F16FFFEB3343500#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9612&SUBSYS_02061025&REV_00#4&20f79656&0&2808#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO Soft Data Fax Modem with SmartCP"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_02061025&REV_00#3&2411e6fe&1&92#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A103&MI_00#6&e51765b&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000072"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10250206&REV_1002#4&38a09e34&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination="\Device\NDMP7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E006105B&REV_01#4&f3fd603&0&0028#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4397&SUBSYS_02061025&REV_00#3&2411e6fe&1&90#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SBTIS_LowEvent0"
.\debug.cpp(400) : Destination="\BaseNamedObjects\SBTIS_LowEvent0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000052"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000074"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&14373c3f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&364984e7&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3683f424&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E006105B&REV_01#4&f3fd603&0&0028#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_17_Model_3_-_AMD_Athlon™_X2_Dual-Core_QL-64#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000048"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{20AEAA83-88CB-4CCA-B3FA-870F39016081}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&364984e7&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination="\Device\MICH_AZ0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4396&SUBSYS_02061025&REV_00#3&2411e6fe&1&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&1ab8e7c5&0&3#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{a55a3dc2-efb4-11de-ab0b-806e6f6e6963}#0000004A72500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2114abb1&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GT20N___________________CP02____#5&295b52c0&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{229A8545-3896-4C06-8E2A-5F4B5ADC557D}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9612&SUBSYS_02061025&REV_00#4&20f79656&0&2808#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GT20N___________________CP02____#5&295b52c0&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000047"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000046"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000#5&364984e7&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B22#4&4745c48&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000062"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;

RKU report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90A1D000 C:\Windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82A3F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A3F000 PnpManager 4259840 bytes
0x82A3F000 RAW 4259840 bytes
0x82A3F000 WMIxWDM 4259840 bytes
0x97A11000 C:\Windows\system32\drivers\RTKVHDA.sys 2777088 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x98960000 Win32k 2400256 bytes
0x98960000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AA29000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8A617000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x9101F000 C:\Windows\system32\DRIVERS\athr.sys 1232896 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x97CF4000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x90F32000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8A80E000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x970AE000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x83094000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9E61F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A6A2000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8313F000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90191000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8A784000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9003C000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9E745000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x97016000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x9E6F6000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98820000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91166000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x832D7000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x83215000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9A639000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90590000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83052000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90130000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8ABAC000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A8C5000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x97CB7000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x904AA000 C:\Windows\system32\DRIVERS\k57nd60x.sys 245760 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x9A775000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90452000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82A08000 ACPI_HAL 225280 bytes
0x82A08000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83385000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9054E000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8A955000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90096000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8AB72000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9000B000 C:\Windows\system32\drivers\sbtis.sys 200704 bytes (Sunbelt Software, Inc., Sunbelt TDI Inspection System)
0x97066000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A928000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8A746000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83279000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8A987000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8A903000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x971B6000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x83341000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A752000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x904E6000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9E6C0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90417000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x833D4000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8A9D2000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9048B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x900CF000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98800000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x971E5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A7B0000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x905E5000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A727000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x97095000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x83000000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x911C4000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x90A00000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90508000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xABAAB000 C:\Users\ADMINI~1\AppData\Local\Temp\awlirpog.sys 94208 bytes
0x90520000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90537000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x831D7000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9719F000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83322000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8A600000 C:\Windows\system32\drivers\SBREDrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
0x8A771000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9A68F000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9010D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9100D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9A740000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x90438000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8AA18000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x97184000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x833B9000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x905D4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x832A3000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83039000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x900EE000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x90400000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8AA00000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9A67F000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x97000000 C:\Windows\system32\DRIVERS\sbapifs.sys 65536 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
0x90120000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x832C7000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x911B1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x83018000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x900FF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x831C9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8336E000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8A7E1000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x90582000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x831B0000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x91000000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x97162000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x911DC000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x97A00000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x911E9000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E6E1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x83200000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90185000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8A800000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x832BC000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9716F000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8302E000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0xABB1A000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x831BE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90FE9000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x831EE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8326E000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9717A000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x97195000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x83364000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x9017B000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90171000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x833CA000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x911F6000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9E6B6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9115C000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9114C000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x8337C000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xABAA2000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x83338000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8A7EF000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xABB35000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x98BC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8ABA3000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x90449000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8325D000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8304A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x832B4000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8AA10000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x8647B000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83266000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A7F8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8320D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x833F5000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8ABEB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9E6EE000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8A9F8000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8A9F1000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x900C8000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91156000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x911C0000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9A7E3000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x90FF4000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x97A0D000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x863EDA17 ?_empty_? 1513 bytes
==============================================
>Stealth
==============================================
0x83338000 WARNING: suspicious driver modification [atapi.sys::0x863EDA17]
0xABA62F2E Unknown thread object [ ETHREAD 0x8550D6B8 ] , 600 bytes

Google redirects and pop-ups are still an issue, and a process called svchost.exe has a tendency to use >75% of my CPU.
My laptop is running through a wireless router

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 18 August 2010 - 05:46 PM

Hello,

You seemed to have given me the TDSS-Killer log twice by accident. I don't see the MBRCheck log
Could you please post that log. If need be you can run it again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 18 August 2010 - 06:04 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5536
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 185):
0x82A3F000 \SystemRoot\system32\ntkrnlpa.exe
0x82A08000 \SystemRoot\system32\halmacpi.dll
0x8647B000 \SystemRoot\system32\kdcom.dll
0x8302E000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83039000 \SystemRoot\system32\PSHED.dll
0x8304A000 \SystemRoot\system32\BOOTVID.dll
0x83052000 \SystemRoot\system32\CLFS.SYS
0x83094000 \SystemRoot\system32\CI.dll
0x8313F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x831B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83215000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8325D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x83266000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8326E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83279000 \SystemRoot\system32\DRIVERS\pci.sys
0x832A3000 \SystemRoot\System32\drivers\partmgr.sys
0x832B4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x832BC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x832C7000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x832D7000 \SystemRoot\System32\drivers\volmgrx.sys
0x83322000 \SystemRoot\System32\drivers\mountmgr.sys
0x83338000 \SystemRoot\system32\DRIVERS\atapi.sys
0x83341000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x83364000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8336E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8337C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x83385000 \SystemRoot\system32\drivers\fltmgr.sys
0x833B9000 \SystemRoot\system32\drivers\fileinfo.sys
0x833CA000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A617000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A746000 \SystemRoot\System32\Drivers\msrpc.sys
0x8A771000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A784000 \SystemRoot\System32\Drivers\cng.sys
0x8A7E1000 \SystemRoot\System32\drivers\pcw.sys
0x8A7EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8A80E000 \SystemRoot\system32\drivers\ndis.sys
0x8A8C5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A903000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8AA29000 \SystemRoot\System32\drivers\tcpip.sys
0x8AB72000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8ABA3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8ABAC000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8ABEB000 \SystemRoot\System32\Drivers\spldr.sys
0x8A928000 \SystemRoot\System32\drivers\rdyboost.sys
0x8AA00000 \SystemRoot\System32\Drivers\mup.sys
0x8AA10000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8A955000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AA18000 \SystemRoot\system32\DRIVERS\disk.sys
0x8A987000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8A9D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A9F1000 \SystemRoot\System32\Drivers\Null.SYS
0x8A9F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A600000 \SystemRoot\system32\drivers\SBREDrv.sys
0x8A800000 \SystemRoot\System32\drivers\vga.sys
0x833D4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x83200000 \SystemRoot\System32\drivers\watchdog.sys
0x8A7F8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8320D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x833F5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x831BE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x831C9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x831D7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x831EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9000B000 \SystemRoot\system32\drivers\sbtis.sys
0x9003C000 \SystemRoot\system32\drivers\afd.sys
0x90096000 \SystemRoot\System32\DRIVERS\netbt.sys
0x900C8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x900CF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x900EE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x900FF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9010D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90120000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90130000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90171000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9017B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90185000 \SystemRoot\System32\drivers\discache.sys
0x90191000 \SystemRoot\system32\drivers\csc.sys
0x83000000 \SystemRoot\System32\Drivers\dfsc.sys
0x83018000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90417000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90438000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x90449000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90A1D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90F32000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90452000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9048B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x904AA000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x9101F000 \SystemRoot\system32\DRIVERS\athr.sys
0x9114C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91156000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9115C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91166000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x911B1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x911C0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x911C4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x911DC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x911E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91000000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9100D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90FE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x904E6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90508000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90520000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90537000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x911F6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90FF4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9054E000 \SystemRoot\system32\DRIVERS\ks.sys
0x90582000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90590000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x905D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97016000 \SystemRoot\system32\drivers\HdAudio.sys
0x97066000 \SystemRoot\system32\drivers\portcls.sys
0x97095000 \SystemRoot\system32\drivers\drmk.sys
0x97A11000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97CB7000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x97CF4000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x970AE000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x97A00000 \SystemRoot\system32\drivers\modem.sys
0x97162000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9716F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9717A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97184000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98960000 \SystemRoot\System32\win32k.sys
0x97195000 \SystemRoot\System32\drivers\Dxapi.sys
0x9719F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97A0D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x971B6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x98BC0000 \SystemRoot\System32\TSDDD.dll
0x98800000 \SystemRoot\System32\cdd.dll
0x98820000 \SystemRoot\System32\ATMFD.DLL
0x971E5000 \SystemRoot\system32\drivers\luafv.sys
0x97000000 \SystemRoot\system32\DRIVERS\sbapifs.sys
0x905E5000 \SystemRoot\system32\drivers\WudfPf.sys
0x90400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A639000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A67F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A68F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A6A2000 \SystemRoot\system32\drivers\HTTP.sys
0x9A727000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A740000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A752000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A775000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A7B0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A7E3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E61F000 \SystemRoot\system32\drivers\peauth.sys
0x9E6B6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E6C0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E6E1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E6EE000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9E6F6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E745000 \SystemRoot\System32\DRIVERS\srv.sys
0xABAA2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xABAAB000 \??\C:\Users\ADMINI~1\AppData\Local\Temp\awlirpog.sys
0xABB1A000 \SystemRoot\system32\DRIVERS\monitor.sys
0xABB25000 \SystemRoot\system32\drivers\klmd.sys
0x771B0000 \Windows\System32\ntdll.dll
0x47900000 \Windows\System32\smss.exe
0x773F0000 \Windows\System32\apisetschema.dll
0x00180000 \Windows\System32\autochk.exe
0x773D0000 \Windows\System32\normaliz.dll
0x77050000 \Windows\System32\ole32.dll
0x77320000 \Windows\System32\msvcrt.dll
0x76FB0000 \Windows\System32\advapi32.dll
0x76F60000 \Windows\System32\gdi32.dll
0x76ED0000 \Windows\System32\clbcatq.dll
0x772F0000 \Windows\System32\imagehlp.dll
0x76D30000 \Windows\System32\setupapi.dll
0x76CE0000 \Windows\System32\Wldap32.dll
0x76CA0000 \Windows\System32\ws2_32.dll
0x76C90000 \Windows\System32\nsi.dll
0x76C80000 \Windows\System32\lpk.dll
0x76030000 \Windows\System32\shell32.dll
0x75F90000 \Windows\System32\usp10.dll
0x75E50000 \Windows\System32\urlmon.dll
0x75DF0000 \Windows\System32\difxapi.dll
0x75D60000 \Windows\System32\oleaut32.dll
0x75CE0000 \Windows\System32\comdlg32.dll
0x75C80000 \Windows\System32\shlwapi.dll
0x75BB0000 \Windows\System32\user32.dll
0x75AB0000 \Windows\System32\wininet.dll
0x758B0000 \Windows\System32\iertutil.dll
0x75890000 \Windows\System32\sechost.dll
0x75880000 \Windows\System32\psapi.dll
0x757A0000 \Windows\System32\kernel32.dll

Processes (total 60):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
392 csrss.exe
468 C:\Windows\System32\wininit.exe
480 csrss.exe
520 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
572 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\atiesrxx.exe
940 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\atieclxx.exe
1368 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\spoolsv.exe
1572 C:\Windows\System32\svchost.exe
1664 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1696 C:\Program Files\Bonjour\mDNSResponder.exe
1736 C:\Windows\System32\svchost.exe
1788 C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
1876 C:\Windows\System32\svchost.exe
1944 C:\Windows\System32\drivers\XAudio.exe
2000 C:\Program Files\Xobni\XobniService.exe
316 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
204 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
1260 C:\Windows\System32\taskhost.exe
1868 C:\Windows\System32\dwm.exe
2920 C:\Windows\System32\svchost.exe
3004 C:\Program Files\Windows Media Player\wmpnetwk.exe
3160 C:\Windows\System32\svchost.exe
3660 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3716 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3732 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3752 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3760 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
3888 C:\Program Files\iTunes\iTunesHelper.exe
4064 C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
384 C:\Program Files\LimeWire\LimeWire.exe
2424 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2188 C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
3556 C:\Program Files\iPod\bin\iPodService.exe
4224 C:\Windows\System32\svchost.exe
4696 taskhost.exe
5612 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3148 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
304 C:\Windows\System32\wuauclt.exe
4708 C:\Program Files\Internet Explorer\iexplore.exe
4188 C:\Program Files\Internet Explorer\iexplore.exe
1120 C:\Windows\System32\audiodg.exe
5856 C:\Windows\explorer.exe
1252 C:\Program Files\Internet Explorer\iexplore.exe
5164 C:\Users\Administrator\Desktop\tdsskiller.exe
3248 C:\Windows\System32\dllhost.exe
3508 C:\Users\Administrator\Desktop\MBRCheck.exe
4880 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 18 August 2010 - 07:15 PM

Hello,

You have a new version of a nasty malware. I'm currently consulting other members of our Team and will be back with a fix.
Do you happen to have a Windows7 CD/DVD?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 18 August 2010 - 07:17 PM

QUOTE(fireman4it @ Aug 18 2010, 07:15 PM) View Post
Hello,

You have a new version of a nasty malware. I'm currently consulting other members of our Team and will be back with a fix.
Do you happen to have a Windows7 CD/DVD?


The laptop was shipped with it already installed, and they didn't include a disk.

Edited by abc123456789, 18 August 2010 - 07:17 PM.


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 18 August 2010 - 10:09 PM

Hello,

1.
We need to fix your MBR code.

To access the System Recovery Environment in Windows 7, simply boot your PC,
just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard which will launch the Advanced Boot Options menu.
There you will see a new option 'Repair Your Computer', select this option and hit 'Enter' on your keyboard.
Now, from the System Recovery Options dialog, select the "Operating System" you want to repair,(in your case it would be Windows7) then click Next:
From the "Choose a Recovery Tool" dialog menu, select "Command Prompt":
Type the following into the "Command Prompt Window": and press enter after each line

bootrec.exe /fixmbr
bootrec.exe /fixboot


2.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

3.
If you have a copy of Combofix on your desktop please delete it!

4.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply:
MBRCheck log
Combofix log
How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 18 August 2010 - 11:13 PM

Hi again. It seems the first part of your instructions(bootrec.exe) have caused my computer to crash. It refuses to start up. Nothing seems to be fixing it. Any kind of help would be appreciated.

Edited by abc123456789, 18 August 2010 - 11:16 PM.


#12 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 18 August 2010 - 11:29 PM

The problem details from startup repair:

Problem event name: Startuprepairoffline
Problem signature 01: 6.1.7600.16385
Problem signature 02: 6.1.7600.16385
Problem signature 03: Unknown
Problem signature 04: 21201022
Problem signature 05: Autofailover
Problem signature 06: 4
Problem signature 07: Norootcause
Os version: 6.1.7600.2.0.0.256.1
Locale id: 1033

I've heard of this problem when you have something like a camera in the USB drive, but absolutely nothing is plugged in, except the power cord. I'm hoping I won't have to format my drive for this. Is there anything, maybe a command line, or a program that I could download on another computer?

Edited by abc123456789, 19 August 2010 - 04:53 PM.


#13 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 19 August 2010 - 05:30 PM

Using the f12 multiboot function and going to network boot, it says no OS found. Any help would be very much appreciated.

Edited by abc123456789, 19 August 2010 - 05:31 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:10 PM

Posted 19 August 2010 - 05:34 PM

Hello,

Can you get into the recovery console still by pressing F8?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 abc123456789

abc123456789
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 19 August 2010 - 05:37 PM

QUOTE(fireman4it @ Aug 19 2010, 05:34 PM) View Post
Hello,

Can you get into the recovery console still by pressing F8?

Yes, however safe mode won't work. Startup repair cannot fix the problem, and system restore doesn't do a thing.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users