Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please look at my Hijack this log


  • This topic is locked This topic is locked
41 replies to this topic

#1 knerrd

knerrd

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 06 November 2010 - 09:53 AM

Had a virus/malware. When I run combofix and hijack this, they both say I need to restart to remove threats, but I get either a bluescreen or my desktop background but no icons. Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:53 PM, on 11/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Ellen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [kbtbgblm] C:\WINDOWS\TEMP\uovbdxncs\fkekomxtsbl.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kbtbgblm] C:\WINDOWS\TEMP\uovbdxncs\fkekomxtsbl.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7828 bytes

Thanks

BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 06 November 2010 - 10:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 06 November 2010 - 12:59 PM

I downloaded both DDS and GMER. It does not allow either one to finish. They just hang and the whole computer freezes up and I have to do a hard shut down.

I downloaded both DDS and GMER. It does not allow either one to finish. They just hang and the whole computer freezes up and I have to do a hard shut down.

I downloaded both DDS and GMER. It does not allow either one to finish. They just hang and the whole computer freezes up and I have to do a hard shut down.

#4 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 06 November 2010 - 01:01 PM

I downloaded both DDS and GMER. It does not allow either one to finish. They just hang and the whole computer freezes up and I have to do a hard shut down.

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 06 November 2010 - 03:22 PM

Hello,

We will try a few other scanners then to get the information we need.

1.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

2.
Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


3.
Download Bootkit remover to your desktop

1. Extract the file to your desktop.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

Things to include in your next reply:
OTl txt
Extra.txt
RkuUnhooker log
Bootkit Remover log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 06 November 2010 - 08:29 PM

Thank you for your help. I could not run rootkit unhooker because it said "detected a parasite inside itself". The others worked.
Here is Otl.txt:

OTL logfile created on: 11/6/2010 8:53:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ellen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 15.39 Gb Free Space | 14.10% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/06 20:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/24 14:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/06 20:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/24 14:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/05/04 14:47:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01) EPSON V3 Service2(03)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\4.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ellen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/06 16:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 15:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/18 12:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/05/09 11:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 21:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/04/23 22:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 22:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 22:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/05 04:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/27 20:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2003/05/14 18:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2001/09/10 13:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/11/05 22:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/14 09:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008/01/23 02:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/11/05 21:39:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/06 20:07:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
[2010/11/06 13:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\gmer
[2010/11/05 23:07:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/05 23:07:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/05 23:07:11 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/05 23:07:09 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/05 23:07:06 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/05 23:07:06 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/05 23:07:05 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/05 23:06:53 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/05 23:06:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/05 23:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/05 23:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/05 22:58:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ellen\Recent
[2010/11/05 22:58:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/05 22:24:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/11/05 21:37:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/05 21:17:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/05 21:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\backups
[2010/11/05 20:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ellen\Desktop\HijackThis.exe
[2010/11/05 18:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/11/04 22:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/04 22:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/04 19:27:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/04 19:27:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/04 19:27:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/04 19:09:46 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ellen\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/04 18:41:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/04 11:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/04 11:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/04 11:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/04 11:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/02 19:10:23 | 000,000,000 | ---D | C] -- C:\v2d
[2010/11/02 19:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd
[2010/10/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\My Documents\Movies2DVDProjects
[2010/10/10 15:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Application Data\FreeMoviesToDVD
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/06 20:08:55 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\bootkit_remover.rar
[2010/11/06 20:08:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\RKUnhookerLE.EXE
[2010/11/06 20:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
[2010/11/06 19:02:15 | 000,065,723 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/11/06 19:02:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/06 19:02:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/11/06 19:01:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 19:01:47 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 13:28:39 | 000,287,041 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\gmer.zip
[2010/11/06 13:18:55 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\dds.scr
[2010/11/05 23:07:15 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/05 23:07:07 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/05 22:45:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/05 21:39:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/05 10:50:02 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\sar_15_sfx.exe
[2010/11/05 09:35:40 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\HiJackThis.msi
[2010/11/05 09:35:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ellen\Desktop\HijackThis.exe
[2010/11/04 22:59:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/04 19:48:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101104-200612.backup
[2010/11/04 19:06:48 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ellen\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/04 18:56:30 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Excel.lnk
[2010/11/04 18:43:47 | 003,902,849 | R--- | M] () -- C:\Documents and Settings\Ellen\Desktop\ComboFix.exe
[2010/11/04 15:03:33 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Word.lnk
[2010/11/03 21:45:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/03 18:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/03 06:44:22 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/02 19:11:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2010/11/02 19:10:17 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 19:10:17 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/10/14 20:23:41 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/10/11 19:04:00 | 000,065,723 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/10/08 03:03:14 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/08 03:03:14 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/06 20:08:55 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\bootkit_remover.rar
[2010/11/06 20:08:23 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\RKUnhookerLE.EXE
[2010/11/06 13:28:39 | 000,287,041 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\gmer.zip
[2010/11/06 13:18:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\dds.scr
[2010/11/05 23:07:15 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/05 22:45:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/05 20:43:32 | 2145,579,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/05 20:33:08 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\HiJackThis.msi
[2010/11/05 18:00:57 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\sar_15_sfx.exe
[2010/11/04 19:27:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/04 19:27:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/04 19:27:32 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/04 19:27:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/04 19:27:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/04 18:43:47 | 003,902,849 | R--- | C] () -- C:\Documents and Settings\Ellen\Desktop\ComboFix.exe
[2010/11/04 13:59:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 19:11:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/11/02 19:10:17 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 19:10:17 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/09/23 20:25:44 | 000,160,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/23 15:16:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/07/19 21:03:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/07/19 12:30:52 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\setup_ldm.iss
[2009/04/25 12:28:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/07 08:24:15 | 000,000,530 | ---- | C] () -- C:\WINDOWS\emifokel.dll
[2009/04/07 08:18:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\puinviet.dll
[2009/04/07 08:09:07 | 000,000,530 | ---- | C] () -- C:\WINDOWS\epulezelag.dll
[2009/04/05 22:50:29 | 000,000,528 | ---- | C] () -- C:\WINDOWS\ewevadaz.dll
[2008/05/13 22:48:32 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\burnaware.ini
[2008/04/30 21:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets
[2008/04/30 21:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ellen\Application Data\Utilities
[2008/04/30 20:52:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/30 20:07:47 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/01 10:20:29 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2007/12/11 12:13:35 | 000,000,630 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/10 16:26:50 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\wklnhst.dat
[2007/09/22 08:39:36 | 000,008,881 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2007/09/12 21:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 03:52:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/05 03:49:54 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/09/05 03:18:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/05 03:18:06 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/05 03:18:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/05 03:18:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/05 03:18:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/05 03:16:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 22:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/05 23:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/26 16:44:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/04/30 20:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/05/04 21:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/03/14 09:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/10/17 18:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/06/07 18:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2007/09/05 03:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/04/30 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables
[2007/09/18 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/30 20:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/11/02 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\FreeMoviesToDVD
[2008/10/19 12:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\GlarySoft
[2008/04/30 10:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\ICQ
[2009/07/19 21:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Leadertech
[2008/11/17 17:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Netscape
[2008/04/30 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Nikon
[2008/09/10 08:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\SmartDraw
[2007/10/10 16:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Template
[2010/11/06 19:02:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/04 21:51:01 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/02 19:45:06 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/09/13 20:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/05 03:20:40 | 000,006,273 | RH-- | M] () -- C:\dell.sdr
[2007/12/23 17:52:31 | 000,026,112 | ---- | M] () -- C:\elf.doc
[2007/12/23 17:55:42 | 000,028,672 | ---- | M] () -- C:\elpher.doc
[2010/11/06 19:01:47 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 21:33:16 | 000,222,406 | ---- | M] () -- C:\IMG.pdf
[2010/02/24 21:37:51 | 000,435,833 | ---- | M] () -- C:\IMG_0001.pdf
[2007/09/14 00:14:58 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/12/02 20:10:54 | 000,009,984 | ---- | M] () -- C:\log.txt
[2010/05/08 09:20:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009/11/12 15:14:01 | 000,019,456 | ---- | M] () -- C:\NewYear's.doc
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/28 11:59:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/06 19:01:46 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/02/23 13:34:05 | 000,001,379 | ---- | M] () -- C:\photodex-presenter-install.log
[2007/09/05 03:43:57 | 000,000,174 | ---- | M] () -- C:\Setup.log
[2007/12/23 17:52:46 | 000,019,456 | ---- | M] () -- C:\THE ELF.doc

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 18:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 21:13:01

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >



Here is extras.txt

OTL Extras logfile created on: 11/6/2010 8:53:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ellen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 15.39 Gb Free Space | 14.10% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8177:TCP" = 8177:TCP:*:Enabled:BitComet 8177 TCP
"8177:UDP" = 8177:UDP:*:Enabled:BitComet 8177 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5CB3DDA0-F143-4E65-A2FA-3C95F82139D2}_is1" = Wondershare Movie Story GAOTD Edition 4.5.0
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9770A25C-45A7-478E-AF50-4FDE53EED270}" = American Greetings CreataCard Select 6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AF21F061-F04B-42B4-B6C3-784A080F782A}" = dirLock
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{f80cdb82-8070-480d-b09d-4da9eff5bb0d}" = Nero BackItUp 4 Essentials
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast5" = avast! Free Antivirus
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Legacy 5.0" = Legacy 5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photodex Presenter" = Photodex Presenter
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"ProInst" = Intel® PROSet/Wireless Software
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SynTPDeinstKey" = Dell Touchpad
"Total Video2Dvd 3.12_is1" = Total Video2Dvd 3.12
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2009" = SmartDraw 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 3:12:08 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/6/2010 7:12:18 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/6/2010 7:12:19 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/6/2010 7:12:19 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/6/2010 7:12:19 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/6/2010 7:04:56 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/6/2010 7:04:56 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/6/2010 7:04:57 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/6/2010 7:04:57 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/6/2010 7:04:57 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 11/6/2010 1:39:46 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/6/2010 1:39:46 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/6/2010 1:39:55 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Digital Blue DMC2 Video Device service failed to start due to
the following error: %%1058

Error - 11/6/2010 1:41:47 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 11/6/2010 1:43:22 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Digital Blue DMC2 Video Device service failed to start due to
the following error: %%1058

Error - 11/6/2010 1:43:25 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/6/2010 1:43:25 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/6/2010 7:02:04 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 11/6/2010 7:02:04 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 11/6/2010 7:02:12 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Digital Blue DMC2 Video Device service failed to start due to
the following error: %%1058


< End of report >


Here is the bootkit output

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 07 November 2010 - 01:08 PM

Hello,

Here is the bootkit output

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


This is not the BootkitRemover log. Please run Bootkit remover again and post its log along with the following log.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 08 November 2010 - 07:34 AM

Here is the MBR log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0x8A8C9000 \WINDOWS\system32\KDCOM.DLL
0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4C0000 compbatt.sys
0xBA4C4000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E4D000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E2D000 fltmgr.sys
0xB9E1B000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9E04000 KSecDD.sys
0xB9D77000 Ntfs.sys
0xB9D4A000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D30000 Mup.sys
0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB822A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8216000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB81F2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB81CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7FAE000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
0xB8FF7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xB7F9A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB8FE7000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB7F86000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB7F35000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB8FD7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB7F03000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8FC7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8FB7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8FA7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7EE0000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA470000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB9929000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9925000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA792000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8F97000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9921000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7EC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8F87000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8F77000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA478000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7EB8000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8F67000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA480000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7E88000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8A24000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7E2A000 \SystemRoot\system32\DRIVERS\update.sys
0xBA554000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB89A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA238000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB0AD0000 \SystemRoot\system32\drivers\sthda.sys
0xB0AAC000 \SystemRoot\system32\drivers\portcls.sys
0xB54B6000 \SystemRoot\system32\drivers\drmk.sys
0xB0A92000 \SystemRoot\system32\drivers\dxec02.sys
0xB0A5E000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB096C000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB08B9000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA400000 \SystemRoot\System32\Drivers\Modem.SYS
0xB6018000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB5CFB000 \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
0xB0869000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB0849000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB02B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xADAFE000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0xBA656000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0xAFA2A000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB02A8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xADA83000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB0845000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAFA22000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xBA658000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAE84F000 \SystemRoot\System32\Drivers\Null.SYS
0xBA65A000 \SystemRoot\System32\Drivers\Beep.SYS
0xAFA1A000 \SystemRoot\System32\drivers\vga.sys
0xBA65C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA65E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xADE13000 \SystemRoot\System32\Drivers\Msfs.SYS
0xADDF3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAC078000 \SystemRoot\System32\Drivers\UdfReadr.SYS
0xB885C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAB9C7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAB29C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4EA6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAA6F5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA054000 \SystemRoot\System32\drivers\afd.sys
0xB02C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9E85000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9E5A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA997000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9DC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA987000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA977000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9CFB000 \SystemRoot\System32\Drivers\aswSP.SYS
0xAAF18000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xAAEEA000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xAA947000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAAD08000 \SystemRoot\System32\drivers\Dxapi.sys
0xAAEDA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6AD000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB0851000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA360000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAAD04000 \SystemRoot\system32\DRIVERS\packet.sys
0xAACFC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAACF4000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA628C000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA611F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA5FEE000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA178000 \SystemRoot\system32\drivers\sysaudio.sys
0xA60B3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA5D38000 \SystemRoot\system32\DRIVERS\srv.sys
0xA581F000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9F0E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA4120000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
832 C:\WINDOWS\system32\smss.exe
900 csrss.exe
936 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1164 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1280 C:\WINDOWS\system32\svchost.exe
1348 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1456 svchost.exe
1516 svchost.exe
1772 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
2040 C:\WINDOWS\explorer.exe
408 C:\WINDOWS\system32\spoolsv.exe
648 svchost.exe
788 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
912 C:\Program Files\Bonjour\mDNSResponder.exe
1336 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1376 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
1384 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
1404 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1424 C:\WINDOWS\system32\ctfmon.exe
1480 C:\Program Files\Digital Line Detect\DLG.exe
1696 C:\WINDOWS\system32\E_S00RP1.EXE
1916 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2128 C:\Program Files\Dell Network Assistant\hnm_svc.exe
2276 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2316 C:\WINDOWS\system32\nvsvc32.exe
2340 C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
2372 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2432 C:\WINDOWS\system32\svchost.exe
2492 wdfmgr.exe
2624 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
516 alg.exe
1176 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
628 C:\WINDOWS\system32\rundll32.exe
4032 C:\WINDOWS\system32\rundll32.exe
1808 C:\Program Files\Microsoft Office\Office\EXCEL.EXE
3128 C:\Program Files\Internet Explorer\iexplore.exe
3672 C:\Documents and Settings\Ellen\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05649600 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHW2120BH, Rev: 00850012

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


and here is the bootkit remover log:

.\debug.cpp(238) : Debug log started at 07.11.2010 - 01:02:51
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0x8a8d3000 0x00003000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4c0000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c4000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9e4d000 0x000be000 "iaStor.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e2d000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9e1b000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e04000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d77000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d4a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9d30000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba1c8000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xb8fea000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb821d000 0x0060e000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8209000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba450000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb81e5000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba458000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb81bd000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb7fa1000 0x0021c000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xb8fda000 0x00010000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xb7f8d000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xb8fca000 0x0000e000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0xb7f79000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0xb7f28000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0xb8fba000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb7ef6000 0x00032000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5e4000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba460000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba468000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xb8faa000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb8f9a000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb8f8a000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb7ed3000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba470000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xb9924000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb9920000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xba692000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb8f7a000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb991c000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb7ebc000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xb8f6a000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xb8f5a000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba478000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb7eab000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb89bf000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba488000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb7e7b000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb89af000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5e6000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb7e1d000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba550000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb892f000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba218000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb0af7000 0x0011e000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xb0ad3000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb5fa2000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb0ab9000 0x0001a000 "\SystemRoot\system32\drivers\dxec02.sys"
.\debug.cpp(256) : 0xb0a85000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb0993000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb08e0000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba3e8000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb6066000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba448000 0x00005000 "\??\C:\WINDOWS\system32\SAVRKBootTasks.sys"
.\debug.cpp(256) : 0xb02f0000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xb08c0000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xaff59000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb02e8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xad4fe000 0x0003a000 "\SystemRoot\system32\DRIVERS\OEM02Dev.sys"
.\debug.cpp(256) : 0xba662000 0x00002000 "\SystemRoot\system32\DRIVERS\OEM02Vfx.sys"
.\debug.cpp(256) : 0xb02e0000 0x00007000 "\SystemRoot\system32\DRIVERS\LHidFilt.Sys"
.\debug.cpp(256) : 0xae8e4000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xad483000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xb08bc000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba3f8000 0x00008000 "\SystemRoot\system32\DRIVERS\LMouFilt.Sys"
.\debug.cpp(256) : 0xba664000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xadde0000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba666000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xaeec0000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba668000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba66a000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb02f8000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba428000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xaa490000 0x00033000 "\SystemRoot\System32\Drivers\UdfReadr.SYS"
.\debug.cpp(256) : 0xb0c31000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa9fa8000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa96ea000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xaa307000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xa8f5c000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xa8f34000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa8f12000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xaa2f7000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xaa2d7000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xa8ee7000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa8e77000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xaa2c7000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xa9f51000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xa8e50000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xaa127000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS"
.\debug.cpp(256) : 0xaa177000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xa9f21000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa9865000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xaa167000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba741000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00537000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb2fc6000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xad7ae000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xaa454000 0x00004000 "\SystemRoot\system32\DRIVERS\packet.sys"
.\debug.cpp(256) : 0xaa133000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xaa12b000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xa55f1000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xa5474000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xad87c000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa5261000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa5322000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xa5075000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xba4a8000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0xa4b34000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xa3b3d000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c51b#5&36394189&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&15a28264&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35ba7ca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_02281028&REV_02#3&61aaa01&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4229&SUBSYS_11208086&REV_61#4&ab208e&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7648-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_02281028&REV_05#4&28d6de3b&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UdfReadr_XP"
.\debug.cpp(400) : Destination "\Device\UdfReadr_XP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_02281028&REV_02#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D330 MDC V.92 Modem"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset5649600Length1B4D376000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02#4&28d6de3b&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&2f94427b&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_02281028&REV_12#4&28d6de3b&0&0AF0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(400) : Destination "\Device\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_01#7&12283d8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&MouFilt#8&1e596276&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&57ecbe5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_02281028&REV_02#3&61aaa01&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(400) : Destination "\Device\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2f94427b&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(400) : Destination "\Device\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(400) : Destination "\Device\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_02281028&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&e7ab66&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2ec79860&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_02281028&REV_02#3&61aaa01&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0427&SUBSYS_02281028&REV_A1#4&15f4a1be&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7649-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination "\Device\AegisP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640#5&2b3f6d0f&0&6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_02281028&REV_12#4&28d6de3b&0&0CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_02281028&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_02281028&REV_12#4&28d6de3b&0&0BF0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\APPDRV"
.\debug.cpp(400) : Destination "\Device\APPDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&HidFilt#8&1e596276&0&00#{d21a038a-7762-4451-a518-d571b1a7a24a}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&8f22fbf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23c30da&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_02281028&REV_02#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet"
.\debug.cpp(400) : Destination "\Device\Packet"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(400) : Destination "\Device\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHW2120BH_______________________00850012#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1135) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1137) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1138) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1142) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1143) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1146) :
.\boot_cleaner.cpp(1151) : Done;

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 08 November 2010 - 06:09 PM

Hello,

1.
Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:
  • What is Whistler Bootkit
  • Bootkit: Example of infected master boot record
  • MBR Rootkit, A New Breed of Malware

    Rerun MBRCheck.exe again by double-clicking on it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter [0] (for PhysicalDrive0) and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below.

    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:

  • Please select your version of Windows from the list and enter the corresponding number (For example, type 0 or 1 for XP, type 3 for Vista, type 5 for Windows 7, etc) and then press Enter. Be careful...if the wrong OS is used, it will render the computer unbootable.
  • When prompted for confirmation: 'Do you want to fix the MBR code?'. Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key on your keyboard to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

    Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
  • How to use the Recovery Console in XP
  • How to fix MBR in Windows XP and Vista
  • How to Burn a Vista Repair Disc if You Donít Have One

2.


1. Please run Bootkit Remover.
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

3.
Please delete the copy of Combofix you have on your desktop.

4.
Download and Rename Combofix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below. You must rename it 1234.scr before saving it to your desktop.

Link 1
Link 2


Posted Image


Posted Image
--------------------------------------------------------------------
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on 1234.scr & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

If you have problems running Combofix please try and run it in Safemode.
Now reboot into Safe Mode.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 08 November 2010 - 09:31 PM

Thank you. When I run MBRcheck.exe, it does not give me an option "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" It goes straight to Done! Press enter to exit.


Here is the remover.exe black screen data:


Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...


Here is the the bootkit remover log:


.\debug.cpp(238) : Debug log started at 09.11.2010 - 01:19:03
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0x8a835000 0x00003000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4c0000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c4000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9e4d000 0x000be000 "iaStor.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e2d000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9e1b000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e04000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d77000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d4a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9d30000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba268000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba158000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb7f04000 0x0060e000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb7ef0000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba458000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb7ecc000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba460000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb7ea4000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb7c88000 0x0021c000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xba168000 0x00010000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xb7c74000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xba178000 0x0000e000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0xb7c60000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0xb7c0f000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0xba188000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb7bdd000 0x00032000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5e8000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba468000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba470000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba198000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba1a8000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb7bba000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba478000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xb98e6000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb98e2000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xba7e7000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba1c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb98de000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb7ba3000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba1d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb7b92000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xb86fe000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba488000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba490000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb7b62000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xb86ee000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5ea000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb7b04000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba568000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb866e000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1f8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb0fa1000 0x0011e000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xb0f7d000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb9557000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb0f63000 0x0001a000 "\SystemRoot\system32\drivers\dxec02.sys"
.\debug.cpp(256) : 0xb0f2f000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb0e3d000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb0d8a000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba3e8000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xb5cbf000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba440000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba418000 0x00005000 "\??\C:\WINDOWS\system32\SAVRKBootTasks.sys"
.\debug.cpp(256) : 0xba65c000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xaeae9000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba65e000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xb0d12000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xb0d0a000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba660000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba662000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb0d02000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb0cfa000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xae35a000 0x00033000 "\SystemRoot\System32\Drivers\UdfReadr.SYS"
.\debug.cpp(256) : 0xb0ce2000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xae335000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xae2dc000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xba2f8000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xae2b6000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xae28e000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xae26c000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba2e8000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xae241000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xae1d1000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb03ca000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb0cc2000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xb03aa000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xae197000 0x0003a000 "\SystemRoot\system32\DRIVERS\OEM02Dev.sys"
.\debug.cpp(256) : 0xba664000 0x00002000 "\SystemRoot\system32\DRIVERS\OEM02Vfx.sys"
.\debug.cpp(256) : 0xb0cf2000 0x00007000 "\SystemRoot\system32\DRIVERS\LHidFilt.Sys"
.\debug.cpp(256) : 0xb039a000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xae11c000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xb28c7000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xb0cea000 0x00008000 "\SystemRoot\system32\DRIVERS\LMouFilt.Sys"
.\debug.cpp(256) : 0xb038a000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb037a000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xae0f5000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xb0d7a000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS"
.\debug.cpp(256) : 0xba390000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xaae0f000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xab24e000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xab71e000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xae846000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00537000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb9cf0000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xba3c8000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xaba77000 0x00004000 "\SystemRoot\system32\DRIVERS\packet.sys"
.\debug.cpp(256) : 0xaba6f000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xaba67000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xa69ef000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xa685a000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa6779000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb034a000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa6812000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xa658b000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa5ee2000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xba428000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c51b#5&36394189&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&15a28264&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35ba7ca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_02281028&REV_02#3&61aaa01&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4229&SUBSYS_11208086&REV_61#4&ab208e&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7648-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_02281028&REV_05#4&28d6de3b&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UdfReadr_XP"
.\debug.cpp(400) : Destination "\Device\UdfReadr_XP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_02281028&REV_02#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D330 MDC V.92 Modem"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset5649600Length1B4D376000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02#4&28d6de3b&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&2f94427b&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_02281028&REV_12#4&28d6de3b&0&0AF0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(400) : Destination "\Device\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_01#7&12283d8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&MouFilt#8&1e596276&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&57ecbe5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_02281028&REV_02#3&61aaa01&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(400) : Destination "\Device\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2f94427b&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(400) : Destination "\Device\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(400) : Destination "\Device\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_02281028&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&e7ab66&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2ec79860&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_02281028&REV_02#3&61aaa01&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0427&SUBSYS_02281028&REV_A1#4&15f4a1be&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7649-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination "\Device\AegisP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640#5&2b3f6d0f&0&6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_02281028&REV_12#4&28d6de3b&0&0CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_02281028&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_02281028&REV_12#4&28d6de3b&0&0BF0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\APPDRV"
.\debug.cpp(400) : Destination "\Device\APPDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&HidFilt#8&1e596276&0&00#{d21a038a-7762-4451-a518-d571b1a7a24a}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&8f22fbf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23c30da&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_02281028&REV_02#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet"
.\debug.cpp(400) : Destination "\Device\Packet"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(400) : Destination "\Device\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHW2120BH_______________________00850012#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1135) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1137) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1138) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1142) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1143) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1146) :
.\boot_cleaner.cpp(1151) : Done;


Here is the combofix log the first time I ran it (in regular mode, reboot requested, got blue screen of death, finished in safe mode). I ran it again in safe mode (that output is farther down)

ComboFix 10-11-07.A2 - Ellen 11/08/2010 20:48:10.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1777 [GMT -5:00]
Running from: c:\documents and settings\Ellen\Desktop\1234.scr
Command switches used :: /S
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ellen\Application Data\Bitrix Security
c:\documents and settings\Ellen\Application Data\Bitrix Security\cet.txt
c:\documents and settings\Ellen\Application Data\Bitrix Security\gvmqlux.dll
c:\documents and settings\Ellen\Application Data\Bitrix Security\gvmqlux_shrd
c:\documents and settings\Ellen\Application Data\Bitrix Security\lrtg.txt
c:\documents and settings\Ellen\Application Data\Bitrix Security\mor.txt
c:\documents and settings\Ellen\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Ellen\Application Data\Bitrix Security\rgx.txt
c:\documents and settings\Ellen\Application Data\Bitrix Security\tqy
c:\documents and settings\Ellen\Local Settings\Application Data\{3B69E247-F479-480A-8F72-C2B42FFBA278}
c:\documents and settings\Ellen\Local Settings\Application Data\{3B69E247-F479-480A-8F72-C2B42FFBA278}\chrome.manifest
c:\documents and settings\Ellen\Local Settings\Application Data\{3B69E247-F479-480A-8F72-C2B42FFBA278}\chrome\content\_cfg.js
c:\documents and settings\Ellen\Local Settings\Application Data\{3B69E247-F479-480A-8F72-C2B42FFBA278}\chrome\content\overlay.xul
c:\documents and settings\Ellen\Local Settings\Application Data\{3B69E247-F479-480A-8F72-C2B42FFBA278}\install.rdf
c:\windows\ocifukifurizevul.dll
c:\windows\WAVAB32.dll

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-07 01:01 . 2010-11-07 01:01 -------- d-----w- c:\program files\7-Zip
2010-11-06 03:07 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-06 03:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-06 03:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-06 03:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-06 03:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-06 03:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-06 03:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-06 03:06 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 03:06 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-06 03:06 . 2010-11-06 03:06 -------- d-----w- c:\program files\Alwil Software
2010-11-06 03:06 . 2010-11-06 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-06 02:24 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-11-05 22:03 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\3.tmp
2010-11-05 22:02 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\2.tmp
2010-11-05 22:01 . 2010-11-05 22:01 -------- d-----w- c:\program files\Sophos
2010-11-02 23:10 . 2010-11-02 23:11 -------- d-----w- C:\v2d
2010-11-02 23:10 . 2010-11-02 23:10 -------- d-----w- c:\program files\Total Video2Dvd
2010-10-14 10:29 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 10:29 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 10:29 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 10:29 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-10 19:35 . 2010-11-02 23:08 -------- d-----w- c:\documents and settings\Ellen\Application Data\FreeMoviesToDVD
2010-10-10 19:34 . 2010-10-10 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-10-10 19:34 . 2009-01-24 01:08 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-10-10 19:34 . 2009-01-24 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-11 22:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-11 22:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-11 22:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-11 22:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-11 22:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-11 22:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 04:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-11 22:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 18:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-06 20:34 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-06 20:34 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-06-05 11:38 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"KADxMain"=c:\windows\system32\KADxMain.exe
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8177:TCP"= 8177:TCP:BitComet 8177 TCP
"8177:UDP"= 8177:UDP:BitComet 8177 UDP

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [11/5/2010 9:24 PM 18816]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2010 10:07 PM 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2010 10:07 PM 17744]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [1/1/2008 9:20 AM 508304]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = <local>
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Ygixaf - c:\windows\WAVAB32.dll
HKLM-Run-Kbisojeb - c:\windows\ocifukifurizevul.dll
ActiveSetup-{3FBA1A32-1923-4C7A-9728-4EA2DFFA253B} - c:\documents and settings\Ellen\Application Data\Bitrix Security\gvmqlux.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 21:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(296)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2010-11-08 21:05:12
ComboFix-quarantined-files.txt 2010-11-09 02:05

Pre-Run: 18,391,519,232 bytes free
Post-Run: 18,719,596,544 bytes free

- - End Of File - - EFB980F892CFB964269F0DDFC658B716


Here is the combofix log when I ran it in safe mode:

ComboFix 10-11-07.A2 - Ellen 11/08/2010 21:14:12.7.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1666 [GMT -5:00]
Running from: c:\documents and settings\Ellen\Desktop\1234.scr
Command switches used :: /S
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-07 01:01 . 2010-11-07 01:01 -------- d-----w- c:\program files\7-Zip
2010-11-06 03:07 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-06 03:07 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-06 03:07 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-06 03:07 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-06 03:07 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-06 03:07 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-06 03:07 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-06 03:06 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 03:06 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-06 03:06 . 2010-11-06 03:06 -------- d-----w- c:\program files\Alwil Software
2010-11-06 03:06 . 2010-11-06 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-06 02:24 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-11-05 22:03 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\3.tmp
2010-11-05 22:02 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\2.tmp
2010-11-05 22:01 . 2010-11-05 22:01 -------- d-----w- c:\program files\Sophos
2010-11-02 23:10 . 2010-11-02 23:11 -------- d-----w- C:\v2d
2010-11-02 23:10 . 2010-11-02 23:10 -------- d-----w- c:\program files\Total Video2Dvd
2010-10-14 10:29 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-14 10:29 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-14 10:29 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-14 10:29 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-10 19:35 . 2010-11-02 23:08 -------- d-----w- c:\documents and settings\Ellen\Application Data\FreeMoviesToDVD
2010-10-10 19:34 . 2010-10-10 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-10-10 19:34 . 2009-01-24 01:08 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-10-10 19:34 . 2009-01-24 01:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-10-10 19:34 . 2009-01-24 01:08 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-11 22:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-11 22:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-11 22:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-11 22:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-11 22:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-11 22:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 04:27 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-11 22:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-09_02.01.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2010-11-09 02:14 71732 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-11-09 01:50 71732 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2010-11-09 02:14 442466 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2010-11-09 01:50 442466 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 19:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-09-24 18:57 2254120 ----a-w- c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-06 20:34 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-06 20:34 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 20:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2009-06-05 11:38 468408 ----a-w- c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"KADxMain"=c:\windows\system32\KADxMain.exe
"Dell QuickSet"=c:\program files\Dell\QuickSet\Quickset.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"8177:TCP"= 8177:TCP:BitComet 8177 TCP
"8177:UDP"= 8177:UDP:BitComet 8177 UDP

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [11/5/2010 9:24 PM 18816]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2010 10:07 PM 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2010 10:07 PM 17744]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [1/1/2008 9:20 AM 508304]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4.tmp --> c:\windows\system32\4.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = <local>
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-08 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(296)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-11-08 21:24:51
ComboFix-quarantined-files.txt 2010-11-09 02:24

Pre-Run: 18,744,270,848 bytes free
Post-Run: 18,722,467,840 bytes free

- - End Of File - - 80BD1E4A0A31A3AA1ED56F0877694AFB

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 09 November 2010 - 10:23 PM

Hello,

Well looks like Combofix got the main infection.

1.

1. Please find Remover.exe on your desktop
2. Double click Remover.exe to run it (Right click and run as Administrator for Vista).
3. It will show a Black screen with some data on it.
4. Right click on the screen and choose Select All.
5. Press Control+C (to copy the data).
6. Open a notepad, Click on Edit tab > paste.
7. Exit the Remover.exe window.
8. Please post the contents of the notepad when you reply.

2.
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
Posted Image
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Things to include in your next reply::
Bootkit Remover log
MBAM log
Eset log
A new OTL log
How is your machine running now?

Edited by fireman4it, 09 November 2010 - 10:23 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 10 November 2010 - 09:23 PM

Thank you. The computer seems to running normally now. Here is the remover black screen info:Bootkit Remover
© 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...


Here is the bootkit remover log

.\debug.cpp(238) : Debug log started at 11.11.2010 - 02:13:36
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9e4d000 0x000be000 "iaStor.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e2d000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9e1b000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e04000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d77000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d4a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9d30000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba1a8000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba308000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb8db1000 0x0060e000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8d9d000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb8d79000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba418000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8d51000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8b35000 0x0021c000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xba318000 0x00010000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xb8b21000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xba138000 0x0000e000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0xb8b0d000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0xb8abc000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0xba148000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb8a8a000 0x00032000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5d8000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba428000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba158000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba168000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba178000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8a67000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba430000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba598000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xba59c000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xba713000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba188000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba5a0000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8a50000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba198000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba438000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8a3f000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba1c8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba440000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba448000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8a0f000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba1d8000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5da000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb89b1000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9cf8000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1f8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb7805000 0x0011e000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xb77e1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb944f000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb77c7000 0x0001a000 "\SystemRoot\system32\drivers\dxec02.sys"
.\debug.cpp(256) : 0xb7793000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb76a1000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb75ee000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba450000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba568000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba460000 0x00005000 "\??\C:\WINDOWS\system32\SAVRKBootTasks.sys"
.\debug.cpp(256) : 0xba468000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba5e8000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba6ac000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5ea000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba470000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba478000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5ec000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5ee000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba488000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb7573000 0x00033000 "\SystemRoot\System32\Drivers\UdfReadr.SYS"
.\debug.cpp(256) : 0xba584000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb754e000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb74f5000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb93ff000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xb74a7000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb747f000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb745d000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb93ef000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb7432000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb73c2000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb93cf000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb8991000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xb93bf000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb7388000 0x0003a000 "\SystemRoot\system32\DRIVERS\OEM02Dev.sys"
.\debug.cpp(256) : 0xba5f0000 0x00002000 "\SystemRoot\system32\DRIVERS\OEM02Vfx.sys"
.\debug.cpp(256) : 0xba490000 0x00007000 "\SystemRoot\system32\DRIVERS\LHidFilt.Sys"
.\debug.cpp(256) : 0xba208000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xb730d000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xb898d000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba498000 0x00008000 "\SystemRoot\system32\DRIVERS\LMouFilt.Sys"
.\debug.cpp(256) : 0xba218000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba228000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb7246000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xb793f000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS"
.\debug.cpp(256) : 0xba4a8000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xba248000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb7927000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba4b0000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba7e1000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00537000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb4f12000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xba360000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xb4e1e000 0x00004000 "\SystemRoot\system32\DRIVERS\packet.sys"
.\debug.cpp(256) : 0xb4e16000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb4e0a000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xb4bbf000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xb4902000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb4aff000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb45d7000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb45b7000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb4507000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb3f9e000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xba3a0000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0xab53f000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&15a28264&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c51b#5&36394189&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35ba7ca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_02281028&REV_02#3&61aaa01&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4229&SUBSYS_11208086&REV_61#4&ab208e&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7648-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_02281028&REV_05#4&28d6de3b&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_02281028&REV_02#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UdfReadr_XP"
.\debug.cpp(400) : Destination "\Device\UdfReadr_XP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D330 MDC V.92 Modem"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset5649600Length1B4D376000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02#4&28d6de3b&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_02281028&REV_12#4&28d6de3b&0&0AF0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&2f94427b&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#19cd4981434fc000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(400) : Destination "\Device\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&MouFilt#8&1e596276&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_01#7&12283d8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(400) : Destination "\Device\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_02281028&REV_02#3&61aaa01&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&57ecbe5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(400) : Destination "\Device\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2f94427b&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(400) : Destination "\Device\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_02281028&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&e7ab66&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2ec79860&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_02281028&REV_02#3&61aaa01&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0427&SUBSYS_02281028&REV_A1#4&15f4a1be&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7649-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_02281028&REV_12#4&28d6de3b&0&0CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640#5&2b3f6d0f&0&6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination "\Device\AegisP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_02281028&REV_12#4&28d6de3b&0&0BF0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_02281028&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\APPDRV"
.\debug.cpp(400) : Destination "\Device\APPDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23c30da&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&HidFilt#8&1e596276&0&00#{d21a038a-7762-4451-a518-d571b1a7a24a}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&8f22fbf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_02281028&REV_02#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(400) : Destination "\Device\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet"
.\debug.cpp(400) : Destination "\Device\Packet"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHW2120BH_______________________00850012#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;


Here is the Malwarebytes log (no items found):


.\debug.cpp(238) : Debug log started at 11.11.2010 - 02:13:36
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xb9f23000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f0b000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xb9e4d000 0x000be000 "iaStor.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9e2d000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9e1b000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e04000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d77000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d4a000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9d30000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba1a8000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba308000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb8db1000 0x0060e000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
.\debug.cpp(256) : 0xb8d9d000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb8d79000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba418000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8d51000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb8b35000 0x0021c000 "\SystemRoot\system32\DRIVERS\NETw4x32.sys"
.\debug.cpp(256) : 0xba318000 0x00010000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xb8b21000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xba138000 0x0000e000 "\SystemRoot\system32\DRIVERS\rimmptsk.sys"
.\debug.cpp(256) : 0xb8b0d000 0x00014000 "\SystemRoot\system32\DRIVERS\rimsptsk.sys"
.\debug.cpp(256) : 0xb8abc000 0x00051000 "\SystemRoot\system32\DRIVERS\rixdptsk.sys"
.\debug.cpp(256) : 0xba148000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb8a8a000 0x00032000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba5d8000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba428000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba158000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba168000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba178000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8a67000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba430000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba598000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xba59c000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xba713000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba188000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xba5a0000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8a50000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba198000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba1b8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba438000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8a3f000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba1c8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba440000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba448000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8a0f000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba1d8000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5da000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb89b1000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9cf8000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba1e8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xba1f8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xb7805000 0x0011e000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xb77e1000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xb944f000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb77c7000 0x0001a000 "\SystemRoot\system32\drivers\dxec02.sys"
.\debug.cpp(256) : 0xb7793000 0x00034000 "\SystemRoot\system32\DRIVERS\HSFHWAZL.sys"
.\debug.cpp(256) : 0xb76a1000 0x000f2000 "\SystemRoot\system32\DRIVERS\HSF_DPV.sys"
.\debug.cpp(256) : 0xb75ee000 0x000b3000 "\SystemRoot\system32\DRIVERS\HSF_CNXT.sys"
.\debug.cpp(256) : 0xba450000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba568000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xba460000 0x00005000 "\??\C:\WINDOWS\system32\SAVRKBootTasks.sys"
.\debug.cpp(256) : 0xba468000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xba5e8000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba6ac000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba5ea000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba470000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba478000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba5ec000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba5ee000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba480000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba488000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb7573000 0x00033000 "\SystemRoot\System32\Drivers\UdfReadr.SYS"
.\debug.cpp(256) : 0xba584000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xb754e000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xb74f5000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xb93ff000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
.\debug.cpp(256) : 0xb74a7000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb747f000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xb745d000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb93ef000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb7432000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xb73c2000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xb93cf000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xb8991000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xb93bf000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xb7388000 0x0003a000 "\SystemRoot\system32\DRIVERS\OEM02Dev.sys"
.\debug.cpp(256) : 0xba5f0000 0x00002000 "\SystemRoot\system32\DRIVERS\OEM02Vfx.sys"
.\debug.cpp(256) : 0xba490000 0x00007000 "\SystemRoot\system32\DRIVERS\LHidFilt.Sys"
.\debug.cpp(256) : 0xba208000 0x0000d000 "\SystemRoot\system32\DRIVERS\WDFLDR.SYS"
.\debug.cpp(256) : 0xb730d000 0x0007b000 "\SystemRoot\system32\DRIVERS\Wdf01000.sys"
.\debug.cpp(256) : 0xb898d000 0x00003000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xba498000 0x00008000 "\SystemRoot\system32\DRIVERS\LMouFilt.Sys"
.\debug.cpp(256) : 0xba218000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba228000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb7246000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
.\debug.cpp(256) : 0xb793f000 0x00004000 "\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS"
.\debug.cpp(256) : 0xba4a8000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
.\debug.cpp(256) : 0xba248000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb7927000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba4b0000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba7e1000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00537000 "\SystemRoot\System32\nv4_disp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xb4f12000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
.\debug.cpp(256) : 0xba360000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
.\debug.cpp(256) : 0xb4e1e000 0x00004000 "\SystemRoot\system32\DRIVERS\packet.sys"
.\debug.cpp(256) : 0xb4e16000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xb4e0a000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
.\debug.cpp(256) : 0xb4bbf000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
.\debug.cpp(256) : 0xb4902000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xb4aff000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xb45d7000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xb45b7000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xb4507000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xb3f9e000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xba3a0000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
.\debug.cpp(256) : 0xab53f000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&15a28264&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_046d&Pid_c51b#5&36394189&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&35ba7ca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWSP"
.\debug.cpp(400) : Destination "\Device\aswSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_283A&SUBSYS_02281028&REV_02#3&61aaa01&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Pot2"
.\debug.cpp(400) : Destination "\Device\aswSP_Pot2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWMON"
.\debug.cpp(400) : Destination "\Device\aswMon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\Packet_{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4229&SUBSYS_11208086&REV_61#4&ab208e&0&00E1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7648-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\Packet_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE04____#5&70cdb75&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_02281028&REV_05#4&28d6de3b&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\Winachsf0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2836&SUBSYS_02281028&REV_02#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UdfReadr_XP"
.\debug.cpp(400) : Destination "\Device\UdfReadr_XP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D330 MDC V.92 Modem"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset5649600Length1B4D376000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(400) : Destination "\Device\{6E5D7A73-229A-45F6-A842-BCD6B9D541D6}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWTDI"
.\debug.cpp(400) : Destination "\Device\ASWTDI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02#4&28d6de3b&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0843&SUBSYS_02281028&REV_12#4&28d6de3b&0&0AF0#{ba39d8e2-30c9-11d4-b3cd-d916bda91711}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&2f94427b&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination "\Device\ConexantDiagnosticsServer"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#19cd4981434fc000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(400) : Destination "\Device\{8E6984F7-592D-47F6-98D0-801C944188C5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&MouFilt#8&1e596276&0&00#{efbbd94f-3314-42ef-a495-4389f3715704}"
.\debug.cpp(400) : Destination "\Device\0000008e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS.SYS"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_01#7&12283d8a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(400) : Destination "\Device\{EEBB6D6F-4603-4592-A853-FB7E4BDA8C26}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2835&SUBSYS_02281028&REV_02#3&61aaa01&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&57ecbe5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(400) : Destination "\Device\{B6AF18BB-88BD-4D45-A455-01ABFDE33781}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{cb0b7def-63d0-44d6-bcd7-a5e6d1f8b362}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(400) : Destination "\Device\{BF898C37-E1E2-4849-AC2D-4A2A8BE856A5}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&2f94427b&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(400) : Destination "\Device\{22F43C09-71E7-4710-BBDB-86BD19AB1105}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination "\Device\HSF_MDMDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2830&SUBSYS_02281028&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&e7ab66&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2ec79860&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24TRANS_S24TRANS_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2834&SUBSYS_02281028&REV_02#3&61aaa01&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_14F1000F&REV_1000#4&ce4cbcd&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AAVMKER4"
.\debug.cpp(400) : Destination "\Device\AavmKer4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0427&SUBSYS_02281028&REV_A1#4&15f4a1be&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\s24trans_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USNTracker"
.\debug.cpp(400) : Destination "\Device\USNTracker"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5d8f7649-60d9-11dc-9485-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\AegisP_{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_046d&Pid_c51b&MI_00#7&11af0038&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000008d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0852&SUBSYS_02281028&REV_12#4&28d6de3b&0&0CF0#{58b90d02-b4b0-4504-9bea-52b93082ddf6}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640#5&2b3f6d0f&0&6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05a9&Pid_2640&MI_00#6&13728222&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000008c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AegisP"
.\debug.cpp(400) : Destination "\Device\AegisP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0592&SUBSYS_02281028&REV_12#4&28d6de3b&0&0BF0#{d2d3b8e3-2400-448c-8c0d-79abecfcfda3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2832&SUBSYS_02281028&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\APPDRV"
.\debug.cpp(400) : Destination "\Device\APPDRV"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination "\Device\MICH_AZ0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_76A0&SUBSYS_10280228&REV_1002#4&ce4cbcd&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
.\debug.cpp(400) : Destination "\Device\S24Trans.sys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(400) : Destination "\Device\{5DBEB105-DEA3-47EE-801E-4F293FD25B2D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&23c30da&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C1FCC185-55B3-4E00-814B-C588A13525E1}#Vid_046d&Pid_c51b&Rev_4600&MI_00&HidFilt#8&1e596276&0&00#{d21a038a-7762-4451-a518-d571b1a7a24a}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&8f22fbf&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2831&SUBSYS_02281028&REV_02#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
.\debug.cpp(400) : Destination "\Device\ASWRDR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
.\debug.cpp(400) : Destination "\Device\aswSP_Avar"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(400) : Destination "\Device\{44EC6091-3E12-438A-8E58-16BC7BF593D8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Packet"
.\debug.cpp(400) : Destination "\Device\Packet"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(400) : Destination "\Device\{6AFC366D-296E-4803-8210-5117A775E02D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskFUJITSU_MHW2120BH_______________________00850012#5&12a65145&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(400) : Destination "\Device\{56CC6EED-384D-4B1A-85FC-3B3D4325D71F}"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`05649600
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;


Here is the ESET log:C:\Documents and Settings\Ellen\Application Data\Adobe\plugs\KB222468.exe a variant of Win32/Cimag.ED trojan cleaned by deleting - quarantined
C:\Documents and Settings\Ellen\Application Data\Adobe\plugs\KB238000.exe a variant of Win32/Kryptik.HYW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Olmarik.ADA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\ocifukifurizevul.dll.vir a variant of Win32/Cimag.EE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\WAVAB32.dll.vir a variant of Win32/Cimag.ED trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000085.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000086.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000087.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\A0007249.exe a variant of Win32/Cimag.ED trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP11\A0007250.exe a variant of Win32/Kryptik.HYW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007063.dll a variant of Win32/Cimag.EE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0007064.dll a variant of Win32/Cimag.ED trojan cleaned by deleting - quarantined


Here is the OTL log (no extras.txt):

OTL logfile created on: 11/10/2010 9:18:35 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ellen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 15.02 Gb Free Space | 13.75% Space Free | Partition Type: NTFS
Drive D: | 587.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/06 19:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/02/19 02:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/06 19:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/05/04 13:47:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2004/02/19 02:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01) EPSON V3 Service2(03)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\4.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ellen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/26 09:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/18 19:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/27 19:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2003/05/14 17:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2001/09/10 12:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/11/05 21:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/14 08:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/11/08 21:01:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/20 18:25:37 | 000,000,242 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 20:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/10 19:43:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/08 21:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/08 20:24:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/06 20:02:20 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Ellen\Desktop\remover.exe
[2010/11/06 20:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/06 19:07:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
[2010/11/06 12:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\gmer
[2010/11/05 22:07:14 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/05 22:07:13 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/05 22:07:11 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/05 22:07:09 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/05 22:07:06 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/05 22:07:06 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/05 22:07:05 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/05 22:06:53 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/05 22:06:52 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/05 22:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/05 22:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/05 21:58:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ellen\Recent
[2010/11/05 21:24:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/11/05 20:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\backups
[2010/11/05 19:33:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ellen\Desktop\HijackThis.exe
[2010/11/05 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/11/04 21:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/04 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/04 20:42:31 | 011,701,704 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ellen\Desktop\windows-kb890830-v3.12.exe
[2010/11/04 18:27:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/04 18:27:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/04 18:27:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/04 18:09:46 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ellen\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/04 17:41:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/04 10:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/04 10:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/04 10:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/04 10:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/02 18:10:23 | 000,000,000 | ---D | C] -- C:\v2d
[2010/11/02 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd
[2010/10/14 05:29:54 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 05:29:53 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 05:29:53 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 05:29:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 08:45:37 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Hawk_Current_Event_for_Health.doc
[2010/11/10 06:44:53 | 000,065,723 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/11/09 17:09:51 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Excel.lnk
[2010/11/09 16:21:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/11/09 16:21:24 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/11/08 21:32:01 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 21:32:01 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 21:28:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 21:27:47 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/11/08 21:27:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 21:27:35 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 21:01:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/08 20:23:25 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\Ellen\Desktop\1234.scr
[2010/11/08 19:26:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cvopocalolac.dat
[2010/11/08 08:22:14 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Word.lnk
[2010/11/08 07:29:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\MBRCheck.exe
[2010/11/08 06:48:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Gjonadewilulokuz.bin
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/06 19:08:55 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\bootkit_remover.rar
[2010/11/06 19:08:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\RKUnhookerLE.EXE
[2010/11/06 19:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\OTL.exe
[2010/11/06 12:28:39 | 000,287,041 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\gmer.zip
[2010/11/06 12:18:55 | 000,629,248 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\dds.scr
[2010/11/05 22:07:15 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/05 22:07:07 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/05 21:45:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/05 09:50:02 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\sar_15_sfx.exe
[2010/11/05 08:35:40 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\HiJackThis.msi
[2010/11/05 08:35:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ellen\Desktop\HijackThis.exe
[2010/11/04 21:59:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/04 20:08:04 | 011,701,704 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ellen\Desktop\windows-kb890830-v3.12.exe
[2010/11/04 18:48:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101104-200612.backup
[2010/11/04 18:06:48 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Ellen\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/03 20:45:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/03 05:44:22 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/02 18:11:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2010/11/02 18:10:17 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 18:10:17 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/10/14 19:23:41 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/10 07:10:38 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Hawk_Current_Event_for_Health.doc
[2010/11/09 16:21:24 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/11/09 16:21:24 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/11/08 21:27:35 | 2145,579,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/08 20:23:19 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\Ellen\Desktop\1234.scr
[2010/11/08 07:29:31 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\MBRCheck.exe
[2010/11/06 19:08:55 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\bootkit_remover.rar
[2010/11/06 19:08:23 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\RKUnhookerLE.EXE
[2010/11/06 12:28:39 | 000,287,041 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\gmer.zip
[2010/11/06 12:18:55 | 000,629,248 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\dds.scr
[2010/11/05 22:07:15 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/05 21:45:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/05 19:33:08 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\HiJackThis.msi
[2010/11/05 17:00:57 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\sar_15_sfx.exe
[2010/11/04 18:27:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/04 18:27:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/04 18:27:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/04 18:27:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/04 18:27:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/04 12:59:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 18:11:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/11/02 18:10:17 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 18:10:17 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/09/23 19:25:44 | 000,160,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/23 14:16:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/07/19 20:03:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/07/19 11:30:52 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\setup_ldm.iss
[2009/04/25 11:28:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/07 07:24:15 | 000,000,530 | ---- | C] () -- C:\WINDOWS\emifokel.dll
[2009/04/07 07:18:58 | 000,000,530 | ---- | C] () -- C:\WINDOWS\puinviet.dll
[2009/04/07 07:09:07 | 000,000,530 | ---- | C] () -- C:\WINDOWS\epulezelag.dll
[2009/04/05 21:50:29 | 000,000,528 | ---- | C] () -- C:\WINDOWS\ewevadaz.dll
[2008/05/13 21:48:32 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\burnaware.ini
[2008/04/30 20:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets
[2008/04/30 20:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ellen\Application Data\Utilities
[2008/04/30 19:52:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/30 19:07:47 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/01 09:20:29 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2007/12/11 11:13:35 | 000,000,630 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/10 15:26:50 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\wklnhst.dat
[2007/09/22 07:39:36 | 000,008,881 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2007/09/12 20:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 02:52:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/05 02:49:54 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/09/05 02:18:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/05 02:18:06 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/05 02:18:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/05 02:18:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/05 02:18:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/05 02:16:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 10 November 2010 - 10:06 PM

Hello,

We are getting close to being all done.

1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Otl
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
    
    :Files
    C:\WINDOWS\Gjonadewilulokuz.bin
    C:\WINDOWS\emifokel.dll
    C:\WINDOWS\puinviet.dll
    C:\WINDOWS\epulezelag.dll
    C:\WINDOWS\ewevadaz.dll
    
    :commands
    [Emptytemp]
    [CREATERESTOREPOINT]
    [RESETHOSTS] 
    [EMPTYFLASH]]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

2.
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

3.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

4.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    3. Push the Quick Scan button.
    4. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply::
OTL fix log
MBAm log
A new OTL.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 knerrd

knerrd
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:43 AM

Posted 11 November 2010 - 07:36 PM

Thank you. The computer is running fine except for one thing. I can not update the avast virus definitions. I keeps saying cannot connect to the server. I have even uninstalled and reinstalled. Any ideas?

Here is the first OTL log:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Here is the MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5096

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/11/2010 6:56:24 PM
mbam-log-2010-11-11 (18-56-24).txt

Scan type: Quick scan
Objects scanned: 147573
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


There was no extra.txt log. Here is the OTL.txt log:


OTL logfile created on: 11/11/2010 7:21:06 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Ellen\Desktop\Software
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.21 Gb Total Space | 14.79 Gb Free Space | 13.55% Space Free | Partition Type: NTFS
Drive D: | 587.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAPTOP | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/06 19:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\Software\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/02/19 02:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/06 19:08:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ellen\Desktop\Software\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/09/24 13:57:34 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 13:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/05/04 13:47:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/05/25 11:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2004/02/19 02:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01) EPSON V3 Service2(03)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\4.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Ellen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/26 09:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/12 18:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/18 11:41:30 | 000,037,760 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/12/18 19:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/01/27 19:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2003/05/14 17:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2001/09/10 12:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/11/05 21:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/14 08:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008/01/23 01:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2010/11/11 18:45:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ellen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/04/20 18:25:37 | 000,000,242 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/11 19:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/11 18:44:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/10 22:01:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ellen\Recent
[2010/11/10 21:52:05 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/10 21:52:05 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/10 21:52:03 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/10 21:52:01 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/10 21:51:59 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/10 21:51:59 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/10 21:51:58 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/10 21:51:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/10 21:51:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/10 21:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\Software
[2010/11/10 20:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/10 19:43:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/08 21:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/08 20:24:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/06 20:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/11/05 22:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/05 22:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/05 21:24:01 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/11/05 20:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ellen\Desktop\backups
[2010/11/05 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/11/04 21:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/04 21:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/11/04 18:27:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/04 18:27:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/04 18:27:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/04 17:41:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/04 10:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/04 10:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/04 10:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/04 10:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/02 18:10:23 | 000,000,000 | ---D | C] -- C:\v2d
[2010/11/02 18:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd

========== Files - Modified Within 30 Days ==========

[2010/11/11 19:17:23 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/11 19:17:23 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/11 19:13:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 19:13:22 | 000,065,723 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/11/11 19:13:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/11/11 19:13:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 19:12:57 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 18:45:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/11/11 15:06:43 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Word.lnk
[2010/11/10 21:52:06 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/10 21:51:59 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/10 08:45:37 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Hawk_Current_Event_for_Health.doc
[2010/11/09 17:09:51 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Microsoft Excel.lnk
[2010/11/09 16:21:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/11/09 16:21:24 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/11/08 21:01:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101110-220033.backup
[2010/11/08 19:26:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cvopocalolac.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 21:45:28 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/04 21:59:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/04 18:48:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101104-200612.backup
[2010/11/03 20:45:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/03 05:44:22 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/02 18:11:11 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2010/11/02 18:10:17 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 18:10:17 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/10/14 19:23:41 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

========== Files Created - No Company Name ==========

[2010/11/10 21:52:06 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/10 07:10:38 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Hawk_Current_Event_for_Health.doc
[2010/11/09 16:21:24 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/11/09 16:21:24 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/11/08 21:27:35 | 2145,579,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/05 21:45:28 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\housecall.guid.cache
[2010/11/04 18:27:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/04 18:27:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/04 18:27:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/04 18:27:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/04 18:27:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/04 12:59:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/02 18:11:11 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/11/02 18:10:17 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video2Dvd.lnk
[2010/11/02 18:10:17 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Ellen\Desktop\Total Video Player.lnk
[2010/09/23 19:25:44 | 000,160,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/23 14:16:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/07/19 20:03:35 | 000,000,436 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2009/07/19 11:30:52 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\setup_ldm.iss
[2009/04/25 11:28:33 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/13 21:48:32 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\burnaware.ini
[2008/04/30 20:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets
[2008/04/30 20:01:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Ellen\Application Data\Utilities
[2008/04/30 19:52:33 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/04/30 19:07:47 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Ellen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/01 09:20:29 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2007/12/11 11:13:35 | 000,000,630 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/10 15:26:50 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Ellen\Application Data\wklnhst.dat
[2007/09/22 07:39:36 | 000,008,881 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2007/09/12 20:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/05 02:52:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/05 02:49:54 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/09/05 02:18:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/05 02:18:06 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/05 02:18:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/05 02:18:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/05 02:18:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/05 02:16:59 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/11/05 22:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/26 15:44:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/04/30 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/05/04 20:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/03/14 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2008/10/17 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/06/07 17:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2007/09/05 02:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2008/04/30 20:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables
[2007/09/18 19:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/30 19:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/11/02 18:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\FreeMoviesToDVD
[2008/10/19 11:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\GlarySoft
[2008/04/30 09:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\ICQ
[2009/07/19 20:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Leadertech
[2008/11/17 16:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Netscape
[2008/04/30 19:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Nikon
[2008/09/10 07:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\SmartDraw
[2007/10/10 15:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellen\Application Data\Template
[2010/11/11 19:13:10 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/05/04 20:51:01 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/02 18:45:06 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/09/13 19:44:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/08 21:24:52 | 000,012,550 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/09/05 02:20:40 | 000,006,273 | RH-- | M] () -- C:\dell.sdr
[2007/12/23 16:52:31 | 000,026,112 | ---- | M] () -- C:\elf.doc
[2007/12/23 16:55:42 | 000,028,672 | ---- | M] () -- C:\elpher.doc
[2010/11/11 19:12:57 | 2145,579,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 20:33:16 | 000,222,406 | ---- | M] () -- C:\IMG.pdf
[2010/02/24 20:37:51 | 000,435,833 | ---- | M] () -- C:\IMG_0001.pdf
[2007/09/13 23:14:58 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/12/02 19:10:54 | 000,009,984 | ---- | M] () -- C:\log.txt
[2010/05/08 08:20:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009/11/12 14:14:01 | 000,019,456 | ---- | M] () -- C:\NewYear's.doc
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/28 10:59:24 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/11 19:12:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/02/23 12:34:05 | 000,001,379 | ---- | M] () -- C:\photodex-presenter-install.log
[2007/09/05 02:43:57 | 000,000,174 | ---- | M] () -- C:\Setup.log
[2007/12/23 16:52:46 | 000,019,456 | ---- | M] () -- C:\THE ELF.doc

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 17:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 08:02:06

< >

< End of report >

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:43 AM

Posted 11 November 2010 - 10:52 PM

Hello knerrd,

1.
Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Posted Image

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flashes all the old restore points in order to prevent possible reinfection from an old one through system restore".

2.
  • Download aswClear.exe on to your desktop.
  • Start Windows in Safe Mode.
  • Run aswClear.exe.
  • If you installed Avast! in a different folder than the default, browse for it.
    (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE.
  • Restart your computer.
Avast! should now be removed from your PC.

Now try and install Avast again.


3.

Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users