[Closed] Stuck on step 3 of 8

Status
Not open for further replies.
T

tizerist

Posts: 90   +0
Hello, recently my AVG free has been flashing up about one caught infection a day, a far cry from before my last OS re-install, where it would have been around once a month.
Its come to a head now, as my Windows Update has been refusing to update, and when the help box directs me to the WU website, it is always unavailable. Also something in AVG switched itself off, so I decided to try theTechspot Malware 8 steps.

I got as far as step 3, which is MBAW. It will not update. Even in safe mode normal and safe mode with networking. I redownloaded, but still no joy. It says:
program_error_updating (12007, 0, winhttpsendrequest)

There is an alternative way to get the database definitions here (the paragraph If you cannot update MBAM)
http://www.bleepingcomputer.com/forums/topic267354.html
but when I click on that link, and try to select the 2nd option (the offline database installer) I get server not found again.

On the same page, it says to download SUPERAntiSpyware Free, but the free download just says Server not found. Every solution seems to have another hurdle.

So, at this point, I am hereby asking for help. :/
Thanks

PS, In my dxdiag, my display device has no real details. Is this weird?
 

Attachments

  • DxDiag.txt
    40.6 KB · Views: 3
Are you sure you have an internet connection?

Please go on with the remaining scans so I can get some idea of what's on the system.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks Bobbye.
Actually I decided to run the app without updating, it found and fixed 16 errors, and it will now update.
Shall I post the two logs, one before the update and one after?

I shall begin step 4 after that and report back. Thanks again.
 
Theres two logs here.
First scan, before update:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

28/03/2011 23:17:31
mbam-log-2011-03-28 (23-17-31).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 741740
Time elapsed: 1 hour(s), 21 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
c:\Windows\Temp\mrtA3AD.tmp\stdrt.exe (Trojan.FakeMS) -> 2912 -> Unloaded process successfully.

Memory Modules Infected:
c:\Users\tizerist\AppData\Local\icosifadujuge.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Yyequlidemawixo (Trojan.Agent.U) -> Value: Yyequlidemawixo -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.16,93.188.160.46) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87B6FA7C-ECE9-4144-AA24-A7AD54A7B9BA}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.16,93.188.160.46) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F58B2D0F-5CE8-4458-A92B-DAE4E0B9190C}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.16,93.188.160.46) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F58B2D0F-5CE8-4458-A92B-DAE4E0B9190C}\DhcpNameServer (Trojan.DNSChanger) -> Bad: (93.188.165.16,93.188.160.46) Good: () -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\mrtA3AD.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\err.log2095795 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtA0EF.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\tizerist\AppData\Local\icosifadujuge.dll (Trojan.Agent.U) -> Delete on reboot.


Second scan, after update:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6201

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

29/03/2011 13:13:04
mbam-log-2011-03-29 (13-13-04).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 755998
Time elapsed: 1 hour(s), 22 minute(s), 58 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Windows\Temp\npwr\setup.exe (Spyware.Passwords.XGen) -> 2832 -> Unloaded process successfully.
c:\Windows\Temp\mrtB115.tmp\stdrt.exe (Trojan.FakeMS) -> 3156 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\npwr\setup.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\Windows\Temp\mrtB115.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\8B8D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtB0D7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtB6EF.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
 
GMER scan, in safe mode, with only the actual windows drive checked.

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 17:07:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD15 rev.20.0
Running: 2vk8ornv.exe; Driver: C:\Users\tizerist\AppData\Local\Temp\kgtorkow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? C3553A50
INT 0x53 ? C3E40CD0
INT 0x62 ? C3553550
INT 0x63 ? C3553050
INT 0xA2 ? C3E40550
INT 0xA3 ? C35532D0
INT 0xA4 ? C4984CD0
INT 0xB1 ? C3553CD0
INT 0xB2 ? C3E407D0
INT 0xB3 ? C35537D0
INT 0xB4 ? C4984A50

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 77604B84 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 776054C4 5 Bytes JMP 004B000A
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!KiUserExceptionDispatcher 77605BF8 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[880] ole32.dll!CoCreateInstance 75D49F3E 5 Bytes JMP 0089000A
.text C:\Windows\Explorer.EXE[1144] ntdll.dll!NtProtectVirtualMemory 77604B84 5 Bytes JMP 004D000A
.text C:\Windows\Explorer.EXE[1144] ntdll.dll!NtWriteVirtualMemory 776054C4 5 Bytes JMP 0052000A
.text C:\Windows\Explorer.EXE[1144] ntdll.dll!KiUserExceptionDispatcher 77605BF8 5 Bytes JMP 0045000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs CD95105C
Device \Device\00000067 -> \??\SCSI#Disk&Ven_WDC_WD15&Prod_00ADFD-00NLR#4&121bb9b9&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----
 
DDS Results
(the last line says Use: "mbr.exe -f" to fix.
I shall wait for instructions, as typing this into the cmd window does nothing, it says mbr.exe is not a recognized command, program, or batch file.)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by tizerist at 16:16:41.95 on 29/03/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.2215 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\TEMP\mrt9C9C.tmp\stdrt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Prio\prio_svc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OfferBox\OfferBox.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\tizerist\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [satdll70snn.exe] c:\windows\system32\config\systemprofile\appdata\roaming\35539030355c9017cc37d5d29aa711ed\satdll70snn.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: <NO NAME> =
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\tizerist\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: prio.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tizerist\appdata\roaming\mozilla\firefox\profiles\cglh3p0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/sport1/hi/football/teams/c/chelsea/default.stm
FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Update Service: updater@foxstart.com - c:\program files\mozilla firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Update Service: updater@foxstart.com - %profile%\extensions\updater@foxstart.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
FF - Ext: XULRunner: {24BDBA88-2E92-41FA-AC61-D5FFCDE66230} - c:\users\tizerist\appdata\local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}
FF - Ext: XULRunner: {AD95ADA7-611A-4F20-9889-1D5FA5EA8788} - c:\windows\system32\config\systemprofile\appdata\local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-2 218688]
R1 prio;Prio;c:\windows\system32\drivers\prio.sys [2010-7-28 51408]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2010-7-28 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-2-2 45232]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-24 122984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe [2011-2-2 823696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 136176]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-27 3847168]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-2-16 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
exefile="%1" %*g???
.
=============== Created Last 30 ================
.
2011-03-28 19:29:26 -------- d-----w- c:\users\tizerist\appdata\roaming\Malwarebytes
2011-03-28 19:29:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 19:29:21 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-28 19:29:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-28 19:29:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-27 15:11:06 0 ----a-w- c:\users\tizerist\appdata\local\Lpagahatewisu.bin
2011-03-27 15:11:05 -------- d-----w- c:\users\tizerist\appdata\local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}
2011-03-27 15:09:42 -------- d-----w- c:\users\tizerist\appdata\roaming\OfferBox
2011-03-27 15:09:41 -------- d-----w- c:\program files\OfferBox
2011-03-24 23:34:27 -------- d-----w- c:\progra~2\ePfDcCgDgAm01804
2011-03-22 17:38:12 -------- d-----w- c:\users\tizerist\appdata\local\{F9C4DEDB-9634-4827-8DB0-45FB31474428}
2011-03-21 22:26:18 -------- d-----w- c:\users\tizerist\appdata\local\{EB548482-BDF6-4E4D-87F7-DD875C62EE21}
2011-03-21 22:25:54 -------- d-----w- c:\users\tizerist\Tracing
2011-03-21 21:56:14 -------- d-----w- c:\windows\PCHEALTH
2011-03-20 15:25:24 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-20 15:25:23 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-20 15:25:23 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-20 15:19:12 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-20 15:16:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-20 15:16:24 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-20 15:16:24 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-20 15:16:24 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-20 15:16:24 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-20 15:16:24 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 15:16:23 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-20 15:14:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-20 15:14:53 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-20 15:14:53 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-20 15:14:28 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-03-20 15:14:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
2011-03-20 15:11:51 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-20 15:11:51 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-20 15:11:46 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-20 15:11:41 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-20 15:11:40 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-20 15:11:33 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-20 15:11:33 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-20 15:11:29 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-20 15:11:29 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-20 15:11:23 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-20 15:11:23 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-20 15:11:19 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-20 14:57:05 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-20 14:55:40 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-03-20 14:54:36 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-20 14:53:43 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-03-20 14:53:42 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-20 14:43:10 -------- d-----w- c:\users\tizerist\appdata\local\Windows Live
2011-03-20 14:43:09 -------- d-----w- c:\program files\common files\Windows Live
2011-03-16 21:40:04 -------- d-----w- c:\users\tizerist\appdata\local\PMB Files
2011-03-16 21:40:03 -------- d-----w- c:\progra~2\PMB Files
2011-03-16 21:39:53 -------- d-----w- c:\program files\Pando Networks
2011-03-12 00:19:43 -------- d-----w- c:\program files\iPod
2011-03-12 00:19:42 -------- d-----w- c:\program files\iTunes
2011-03-09 16:53:03 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 16:53:03 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 16:53:03 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 16:53:03 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 16:53:02 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 16:53:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 23:16:32 -------- d-----w- c:\users\tizerist\appdata\roaming\IObit
2011-03-08 22:53:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-05 22:59:42 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2011-03-05 18:49:47 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2011-03-05 18:49:47 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2011-03-05 18:49:47 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2011-03-05 18:49:47 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2011-03-05 18:49:47 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2011-03-05 18:49:41 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2011-03-05 18:49:41 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2011-03-05 13:41:03 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-04 22:59:57 -------- d-----w- c:\users\tizerist\appdata\local\THQ
2011-03-02 20:47:43 -------- d-----w- c:\windows\system32\directx
.
==================== Find3M ====================
.
2011-03-29 12:14:46 603270 ----a-w- c:\windows\system32\msvcrt3.dll
2011-02-16 08:26:30 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-16 08:26:30 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-02 17:15:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 15:56:08 823696 ----a-w- c:\windows\system32\regw2.exe
2011-02-01 21:54:04 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-26 23:00:30 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:12:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11:58 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-19 07:49:44 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 21:06:28 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 21:06:22 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 21:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 21:06:08 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 21:06:08 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 21:06:08 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 21:06:08 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD15 rev.20.0 -> Harddisk0\DR0 -> \Device\00000069
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xC530C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xc53127d0]; MOV EAX, [0xc531284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0xE264E912] -> \Device\Harddisk0\DR0[0xC4C6C8E0]
3 CLASSPNP[0xC97C68B3] -> ntkrnlpa!IofCallDriver[0xE264E912] -> [0xC34E9B68]
5 acpi[0xC8E9E6BC] -> ntkrnlpa!IofCallDriver[0xE264E912] -> [0xC34EE590]
\Driver\nvstor32[0xC4587AA8] -> IRP_MJ_CREATE -> 0xC530C439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000067 -> \??\SCSI#Disk&Ven_WDC_WD15&Prod_00ADFD-00NLR#4&121bb9b9&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 293046766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 16:17:10.83 ===============
 

Attachments

  • Attach.txt
    12.4 KB · Views: 0
Sorry for the delay- already explained. You have multiple issies going on. Please do the following first:

Reset File Extension
Open a Commnad Prompt: Start> Run> type in cms> enter> copy the contents of the Code box and paste them into the cmd prompt:
C:\> assoc .exe=exefile
C:\> ftype exefile="%1" %*
Click to expand...
Press enter, then close. Reboot.
====================================
DNS Changer
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.-

  • [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4].Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5].With the router unplugged, start your computer. Run MBAM again.
    [6].Connect to the router again. The turn the router back on.
    [7].When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
====================================
Bootkit Remover:

Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. (Use 7-Zip if you don't have an extraction program, )
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.
remover.jpg

=====================================
Please open the Attach.txt log and paste it also in the next reply. The directions say to ignore the [zip] instruction and paste th log in.
==============================================
Then Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Bobbye said:
Reset File Extension
Open a Commnad Prompt: Start> Run> type in cms> enter> copy the contents of the Code box and paste them into the cmd prompt:
Click to expand...

Hi thanks Bobbye. I was a little baffled there, but this is what I done:

Opened the cmd box
Then typed in

assoc .exe=exefile
Pressed enter, then
ftype exefile="%1" %*
Pressed enter, then closed box.
Rebooted.

If that bits ok, then the reset part I will do in a few hours, as it means switching my mums tv off, and that can be unwise. Cheers.

PS: What should I do about the green part in post 6?
 
"Green part in Post 6"

Bootkit Remover:

Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. (Use 7-Zip if you don't have an extraction program, )
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Scanning should be completed quickly
  4. Paste the output in your next reply.
remover.jpg

=====================================
There is only so much we can do at one time! Right now, your searches are being redirected to a site in the Ukraine. So you might want to tell 'mum' shoe needs to be without the TV for a few minutes! Print the instruction out- go step by step-it only takes a few minutes.
 
Bootkit remover log

.\debug.cpp(238) : Debug log started at 31.03.2011 - 03:36:17
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0xe263c000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0xe2609000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0xc5374000 0x00003000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0xc8c09000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0xc8c79000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0xc8c8a000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xc8c92000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0xc8cd3000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0xc8e00000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0xc8e7c000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0xc8e89000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0xc8ecf000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0xc8ed8000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0xc8ee0000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0xc8f07000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0xc8f16000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0xc8f25000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0xc8f6f000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
.\debug.cpp(256) : 0xc8f76000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0xc8f84000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0xc8f94000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0xc8f9c000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0xc8fba000 0x0000d000 "\SystemRoot\system32\drivers\nvstor.sys"
.\debug.cpp(256) : 0xc8db3000 0x00041000 "\SystemRoot\system32\drivers\storport.sys"
.\debug.cpp(256) : 0xc8fc7000 0x00036000 "\SystemRoot\system32\DRIVERS\Si3531.sys"
.\debug.cpp(256) : 0xc9006000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0xc902c000 0x0001d000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
.\debug.cpp(256) : 0xc9049000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0xc907b000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0xc908b000 0x00003000 "\SystemRoot\system32\DRIVERS\SiWinAcc.sys"
.\debug.cpp(256) : 0xc908e000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0xc9201000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0xc930c000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0xc9337000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0xc90ff000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0xc9372000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0xc9403000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0xc9513000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0xc954c000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0xc9554000 0x00002000 "\SystemRoot\system32\DRIVERS\SiRemFil.sys"
.\debug.cpp(256) : 0xc9556000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0xc9565000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0xc958c000 0x00024000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0xc95b0000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0xc95c1000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0xc95e2000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0xc95eb000 0x00005000 "\SystemRoot\system32\DRIVERS\avgrkx86.sys"
.\debug.cpp(256) : 0xc95f0000 0x00009000 "\SystemRoot\system32\DRIVERS\AVGIDSEH.Sys"
.\debug.cpp(256) : 0xc939a000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0xc93a5000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0xc93ae000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xcd600000 0x009fa000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0xcdffa000 0x00002000 "\SystemRoot\System32\Drivers\nvBridge.kmd"
.\debug.cpp(256) : 0xcd004000 0x000a0000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0xcd0a4000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0xcd0b0000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xcd13d000 0x0000b000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xcd148000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xcd162000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xcd16c000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xcd184000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xcd197000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xcd1a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xcd1ad000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xcd1b7000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xc93bd000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xc93cc000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xcd1f5000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xcd207000 0x00080000 "\SystemRoot\system32\drivers\ctaud2k.sys"
.\debug.cpp(256) : 0xcd287000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xcd2b4000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xcd2d9000 0x0002a000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xcd303000 0x00034000 "\SystemRoot\system32\drivers\ctoss2k.sys"
.\debug.cpp(256) : 0xcd337000 0x00008000 "\SystemRoot\System32\drivers\ctprxy2k.sys"
.\debug.cpp(256) : 0xcd33f000 0x00003000 "\SystemRoot\system32\DRIVERS\ctgame.sys"
.\debug.cpp(256) : 0xcd342000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
.\debug.cpp(256) : 0xcd352000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xce00f000 0x00100000 "\SystemRoot\system32\DRIVERS\nvmfdx32.sys"
.\debug.cpp(256) : 0xce10f000 0x00002000 "\SystemRoot\system32\DRIVERS\ASACPI.sys"
.\debug.cpp(256) : 0xce111000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0xce140000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xce14b000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xce162000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xce16d000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xce190000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xce19f000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xce1b3000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0xcd360000 0x00089000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xce1c8000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xce1d8000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xce409000 0x0003b000 "\SystemRoot\system32\DRIVERS\dtsoftbus01.sys"
.\debug.cpp(256) : 0xce444000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xce44e000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0xce45b000 0x0000a000 "\SystemRoot\system32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xce465000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xce49a000 0x0002b000 "\SystemRoot\System32\drivers\hap16v2k.sys"
.\debug.cpp(256) : 0xce4c5000 0x0010a000 "\SystemRoot\System32\drivers\ha10kx2k.sys"
.\debug.cpp(256) : 0xce5cf000 0x0002f000 "\SystemRoot\System32\drivers\emupia2k.sys"
.\debug.cpp(256) : 0xd1401000 0x00029000 "\SystemRoot\System32\drivers\ctsfm2k.sys"
.\debug.cpp(256) : 0xd142a000 0x0009c000 "\SystemRoot\System32\drivers\ctac32k.sys"
.\debug.cpp(256) : 0xd14c6000 0x0001b000 "\SystemRoot\System32\drivers\COMMONFX.SYS"
.\debug.cpp(256) : 0xd14e1000 0x0008b000 "\SystemRoot\System32\drivers\CTAUDFX.SYS"
.\debug.cpp(256) : 0xd156c000 0x0008e000 "\SystemRoot\System32\drivers\CTSBLFX.SYS"
.\debug.cpp(256) : 0xce1da000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xd160d000 0x00021000 "\SystemRoot\system32\drivers\nvhda32v.sys"
.\debug.cpp(256) : 0xd162e000 0x0000c000 "\SystemRoot\system32\DRIVERS\avgmfx86.sys"
.\debug.cpp(256) : 0xd163a000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xd1643000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xd164a000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xd1651000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xd165d000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xd167e000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xd1686000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0xd168e000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xd1699000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xd16a7000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xd16b0000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0xd16c6000 0x00010000 "\SystemRoot\System32\drivers\prio.sys"
.\debug.cpp(256) : 0xd16d6000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0xd16ea000 0x00048000 "\SystemRoot\system32\DRIVERS\avgtdix.sys"
.\debug.cpp(256) : 0xd1732000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xd1764000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0xd17ac000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0xd17c2000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xd17d0000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xd1a06000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xd1a42000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0xd1a4c000 0x0005b000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0xd1aa7000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0xd1abe000 0x0003c000 "\SystemRoot\system32\DRIVERS\avgldx86.sys"
.\debug.cpp(256) : 0xd1afa000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xd1b03000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xd1b13000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xd1b1a000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xd9460000 0x00203000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xd1b29000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xd1b33000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0xd9680000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0xd96a0000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0xd1b42000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0xe3e00000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0xe3eb0000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0xe3ec0000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0xe3ed3000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0xe3ee9000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0xe3f56000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xe3f5f000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xe3f7c000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0xe3f95000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0xe3faa000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys"
.\debug.cpp(256) : 0xe3fcb000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xd1b5d000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0xd1b96000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0xd1bae000 0x00028000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xe580e000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xe585c000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0xe5863000 0x0000b000 "\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys"
.\debug.cpp(256) : 0xe586e000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0xe5896000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xe5974000 0x00017000 "\??\C:\Windows\system32\drivers\PfModNT.sys"
.\debug.cpp(256) : 0xe598b000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xe5995000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xe59a1000 0x0000a000 "\SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys"
.\debug.cpp(256) : 0xe59ab000 0x00028000 "\SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys"
.\debug.cpp(256) : 0x77210000 0x00128000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_0E8F&PID_0003#6&273d3628&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0373&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&88#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0E22&SUBSYS_23221462&REV_A1#4&15f80c0a&0&0018#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\RaidPort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_036D&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&59#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD15&Prod_00ADFD-00NLR#4&121bb9b9&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000068"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0001#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ATKACPI"
.\debug.cpp(400) : Destination "\Device\ATKACPI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{91b95a8b-2e4a-11e0-9ba9-001a92b2c9cc}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) : Destination "\Device\Tun0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&1dd893cd&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
.\debug.cpp(400) : Destination "\Device\RaidPort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_10021102&REV_04#4&276fbec1&0&3078#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{d35f7840-6a0c-11d2-b841-00c04fad5171}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTSBLFX.SYS"
.\debug.cpp(400) : Destination "\Device\CTSBLFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_10021102&REV_04#4&276fbec1&0&3078#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_10021102&REV_04#4&276fbec1&0&3078#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) : Destination "\Device\SpDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
.\debug.cpp(400) : Destination "\Device\RaidPort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAntiRootkit"
.\debug.cpp(400) : Destination "\Device\AvgAntiRootkit"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7FA0D6B0-14D7-4C0D-82CC-53F599839578}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PfModNT"
.\debug.cpp(400) : Destination "\Device\PfModNT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_0E8F&PID_0003#5&9fe80dd&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0301#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0001#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HAP16V2K"
.\debug.cpp(400) : Destination "\Device\HAP16V2K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureA7455384Offset7E00Length74720AA200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&Signature56906F38Offset100000Length22EEF00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) : Destination "\Device\AvgTdi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi6:"
.\debug.cpp(400) : Destination "\Device\RaidPort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6fd5d7c8-2e46-11e0-8242-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomDVDRW_IDE_H16X__________________________B02V____#5&25471304&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0101#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EMUPIA"
.\debug.cpp(400) : Destination "\Device\EMUPIA"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{4959d7e8-2ef6-11e0-87b7-001a92b2c9cc}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avg7Rs"
.\debug.cpp(400) : Destination "\Device\Avg7Rs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_ST315005&Prod_41AS#4&24d56a5e&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000069"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#BNQ7824#5&390a43ab&0&UID1048832#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6fd5d7c3-2e46-11e0-8242-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&1dd893cd&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0101#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_036C&SUBSYS_81FB1043&REV_A1#3&2411e6fe&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0023"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NvAdminDevice"
.\debug.cpp(400) : Destination "\Device\NvAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DR2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0E22&SUBSYS_23221462&REV_A1#4&15f80c0a&0&0018#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&501d265&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Dbg"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Dbg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
.\debug.cpp(400) : Destination "\Device\AvgAviLdrDev"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0373&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&90#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F58B2D0F-5CE8-4458-A92B-DAE4E0B9190C}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_037F&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&71#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0027"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_7003&SUBSYS_00601102&REV_04#4&276fbec1&0&3178#{cae56030-684a-11d0-d6f6-00a0c90f57da}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6fd5d7c7-2e46-11e0-8242-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#BNQ7824#5&390a43ab&0&UID1048832#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000079"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTAUDFX.SYS"
.\debug.cpp(400) : Destination "\Device\CTAUDFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSoftBusCtl"
.\debug.cpp(400) : Destination "\Device\DTSoftBusCtl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1bc39950&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&b9309a3&0&0#{53f56311-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_10021102&REV_04#4&276fbec1&0&3078#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9A54B7DE-120A-43C4-B237-14A153AFE435}"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000063"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1095&DEV_3531&SUBSYS_14981043&REV_01#4&16914e9e&0&00B8#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#5&b9309a3&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSOFTBUS&Rev1#DTCDROM&Rev1#1&79f5d87&2&00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D5D5688C-1701-4494-9BDE-6AF43C1DCD31}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4862E7F9-4A6A-48B6-AC63-61C9B036CEBD}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ack"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ack"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0373&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&88#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_037F&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&72#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0028"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTPROXY"
.\debug.cpp(400) : Destination "\Device\CTPROXY"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&1d62032d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000003f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureEF2588FDOffset7E00Length22EE6E0200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSShim"
.\debug.cpp(400) : Destination "\Device\AVGIDSShim"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{87B6FA7C-ECE9-4144-AA24-A7AD54A7B9BA}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination "\Device\ASYNCMAC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0301#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) : Destination "\Device\00000073"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_81FE1043&REV_C0#4&276fbec1&0&3878#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2e7497b5&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6fd5d7c4-2e46-11e0-8242-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomDVDRW_IDE_H16X__________________________B02V____#5&25471304&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS1"
.\debug.cpp(400) : Destination "\Device\1394BUS1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
.\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{441234F5-DEAA-43CB-A47A-1F1E3DC6F2BC}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HA10KX2K"
.\debug.cpp(400) : Destination "\Device\HA10KX2K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_037F&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&70#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DTSOFTBUS&Rev1#DTCDROM&Rev1#1&79f5d87&2&00#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000006c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0201#{9ff3b516-cd99-4eaf-8373-f2caf87ed26b}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0373&SUBSYS_81FB1043&REV_A2#3&2411e6fe&0&90#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COMMONFX.SYS"
.\debug.cpp(400) : Destination "\Device\COMMONFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_10021102&REV_04#4&276fbec1&0&3078#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD15&Prod_00ADFD-00NLR#4&121bb9b9&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000067"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Prio"
.\debug.cpp(400) : Destination "\Device\Prio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ctl"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Scsi\Si35311"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001#5&17e86fac&0&0201#{2f3e4dc3-3dd9-47ea-8aa4-8155ec2c643e}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{180F0C5B-E52F-42D0-9872-09CAE6FF6621}"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7A89A95C-16FD-4E7B-8578-71BDDF093F0B}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{737A20C3-2927-422C-9420-698FD1EDC3D1}"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTAC32K"
.\debug.cpp(400) : Destination "\Device\CTAC32K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_4001&SUBSYS_00101102&REV_04#4&276fbec1&0&3278#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Evt"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Evt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTSFM2K"
.\debug.cpp(400) : Destination "\Device\CTSFM2K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&2e7497b5&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 139 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;
 
Combofix log
It appeared to stop working a few times while doing its stuff, but when I clicked 'close program' it carried on with the process.
And it made me uninstall my AVG free. Can I re-install it now?

ComboFix 11-03-30.01 - tizerist 31/03/2011 5:17.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.2952 [GMT 1:00]
Running from: c:\users\tizerist\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\OfferBox Browser.lnk
c:\users\tizerist\AppData\Local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}
c:\users\tizerist\AppData\Local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}\chrome.manifest
c:\users\tizerist\AppData\Local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}\chrome\content\_cfg.js
c:\users\tizerist\AppData\Local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}\chrome\content\overlay.xul
c:\users\tizerist\AppData\Local\{24BDBA88-2E92-41FA-AC61-D5FFCDE66230}\install.rdf
c:\users\tizerist\AppData\Roaming\Microsoft\Windows\Recent\WHITE AVATAR IN SAN ANDREAS.url
c:\users\tizerist\AppData\Roaming\OfferBox
c:\users\tizerist\AppData\Roaming\OfferBox\config.dat
c:\users\tizerist\AppData\Roaming\OfferBox\config.xml
c:\windows\System32\config\systemprofile\AppData\Local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}
c:\windows\System32\config\systemprofile\AppData\Local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}\chrome.manifest
c:\windows\System32\config\systemprofile\AppData\Local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}\chrome\content\_cfg.js
c:\windows\System32\config\systemprofile\AppData\Local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}\chrome\content\overlay.xul
c:\windows\System32\config\systemprofile\AppData\Local\{AD95ADA7-611A-4F20-9889-1D5FA5EA8788}\install.rdf
c:\windows\system32\config\systemprofile\AppData\Roaming\35539030355C9017CC37D5D29AA711ED
c:\windows\system32\config\systemprofile\AppData\Roaming\35539030355C9017CC37D5D29AA711ED\enemies-names.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\35539030355C9017CC37D5D29AA711ED\local.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\plugs
c:\windows\system32\config\systemprofile\AppData\Roaming\Adobe\shed
c:\windows\system32\config\systemprofile\AppData\Roaming\OfferBox
c:\windows\system32\config\systemprofile\AppData\Roaming\OfferBox\config.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\OfferBox\config.xml
c:\windows\system32\regw2.exe
.
Infected copy of c:\windows\system32\drivers\csc.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.0.6001.18000_none_9e4848e75be74a16\csc.sys
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FLEXnet Licensing Manager
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 04:24 . 2011-03-31 04:26 -------- d-----w- c:\users\tizerist\AppData\Local\temp
2011-03-31 04:24 . 2011-03-31 04:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-31 04:24 . 2011-03-31 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 20:34 . 2011-03-29 20:37 -------- d-----w- c:\users\tizerist\AppData\Roaming\Yrnofu
2011-03-29 20:34 . 2011-03-29 20:35 -------- d-----w- c:\users\tizerist\AppData\Roaming\Zeewot
2011-03-29 15:40 . 2011-03-31 03:33 20 ----a-w- c:\windows\system32\setup.bat
2011-03-29 15:40 . 2011-03-31 03:33 1652 ----a-w- c:\windows\system32\setup.reg
2011-03-28 22:03 . 2011-03-28 22:03 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Lpagahatewisu.bin
2011-03-28 19:29 . 2011-03-28 19:29 -------- d-----w- c:\users\tizerist\AppData\Roaming\Malwarebytes
2011-03-28 19:29 . 2011-03-28 19:29 -------- d-----w- c:\programdata\Malwarebytes
2011-03-28 19:29 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 19:29 . 2011-03-29 12:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 19:29 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-27 15:51 . 2011-03-27 15:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2011-03-27 15:11 . 2011-03-27 23:11 0 ----a-w- c:\users\tizerist\AppData\Local\Lpagahatewisu.bin
2011-03-24 23:34 . 2011-03-24 23:38 -------- d-----w- c:\programdata\ePfDcCgDgAm01804
2011-03-22 17:38 . 2011-03-22 17:38 -------- d-----w- c:\users\tizerist\AppData\Local\{F9C4DEDB-9634-4827-8DB0-45FB31474428}
2011-03-21 22:26 . 2011-03-21 22:26 -------- d-----w- c:\users\tizerist\AppData\Local\{EB548482-BDF6-4E4D-87F7-DD875C62EE21}
2011-03-21 22:25 . 2011-03-22 17:37 -------- d-----w- c:\users\tizerist\Tracing
2011-03-21 21:56 . 2011-03-21 21:56 -------- d-----w- c:\windows\PCHEALTH
2011-03-21 21:55 . 2011-03-21 21:57 -------- d-----w- c:\program files\Windows Live
2011-03-20 15:25 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-20 15:25 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-20 15:25 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-20 15:19 . 2011-03-20 15:19 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-20 15:16 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-20 15:16 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-20 15:16 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 15:16 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-20 15:16 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-20 15:16 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-20 15:16 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-20 15:14 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-20 15:14 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-20 15:14 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-20 15:14 . 2008-09-02 15:03 453152 ----a-w- c:\windows\system32\nvuninst.exe
2011-03-20 15:14 . 2008-07-08 08:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-03-20 15:11 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-20 15:11 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-20 15:11 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-20 15:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-20 15:11 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-20 15:11 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-20 15:11 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-20 15:11 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-20 15:11 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-20 15:11 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-20 15:11 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-20 15:11 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-20 14:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-20 14:55 . 2011-01-20 16:08 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-03-20 14:54 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-20 14:53 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-03-20 14:53 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-20 14:43 . 2011-03-21 21:58 -------- d-----w- c:\users\tizerist\AppData\Local\Windows Live
2011-03-20 14:43 . 2011-03-20 14:43 -------- d-----w- c:\program files\Common Files\Windows Live
2011-03-16 21:40 . 2011-03-16 22:48 -------- d-----w- c:\users\tizerist\AppData\Local\PMB Files
2011-03-16 21:40 . 2011-03-16 21:40 -------- d-----w- c:\programdata\PMB Files
2011-03-16 21:39 . 2011-03-16 21:40 -------- d-----w- c:\program files\Pando Networks
2011-03-12 00:19 . 2011-03-12 00:19 -------- d-----w- c:\program files\iPod
2011-03-12 00:19 . 2011-03-12 00:20 -------- d-----w- c:\program files\iTunes
2011-03-09 16:53 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 16:53 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 16:53 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 16:53 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 16:53 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 16:53 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 23:16 . 2011-03-27 15:52 -------- d-----w- c:\users\tizerist\AppData\Roaming\IObit
2011-03-08 22:53 . 2011-03-16 21:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-05 22:59 . 2011-03-05 22:48 1227264 ----a-w- c:\windows\system32\dx8vb.dll
2011-03-05 18:49 . 2004-10-22 02:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-03-05 18:49 . 2004-10-22 02:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-03-05 18:49 . 2004-10-22 02:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-03-05 18:49 . 2004-10-22 02:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-03-05 18:49 . 2004-10-22 02:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-03-05 18:49 . 2011-03-05 18:49 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-03-05 18:49 . 2011-03-05 18:49 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-03-05 13:41 . 2011-03-05 13:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-04 22:59 . 2011-03-04 22:59 -------- d-----w- c:\users\tizerist\AppData\Local\THQ
2011-03-04 22:43 . 2011-03-04 22:43 -------- d-----w- c:\program files\7-Zip
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 22:25 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-16 08:26 . 2011-02-16 08:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-16 08:26 . 2011-02-02 14:48 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-02 18:23 . 2011-02-02 18:23 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-02 17:15 . 2011-02-02 17:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 15:54 . 2011-02-02 15:54 40960 ----a-r- c:\users\tizerist\AppData\Roaming\Microsoft\Installer\{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1}\_081473F266264A2383533074B6D4A531.exe
2011-01-26 23:00 . 2011-01-26 23:00 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 22:12 . 2011-01-26 22:12 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-20 10:39 . 2011-02-01 22:51 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC2DAE6E-718A-489D-89DB-2D3352D913F7}\mpengine.dll
2011-01-19 07:49 . 2011-01-19 07:49 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-08 08:47 . 2011-02-08 18:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 18:39 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27 . 2011-02-24 19:41 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-24 19:41 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-24 19:41 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-24 19:41 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-24 19:41 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-24 19:41 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-24 19:41 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-24 19:41 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-24 19:41 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-24 19:41 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2011-02-24 19:41 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2011-02-24 19:41 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-24 19:41 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-07 21:06 . 2011-01-07 21:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 21:06 . 2011-01-07 21:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 21:06 . 2011-01-07 21:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 21:06 . 2011-01-07 21:06 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 21:06 . 2011-01-07 21:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 21:06 . 2011-01-07 21:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 21:06 . 2011-01-07 21:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-31 13:57 . 2011-02-08 18:40 2039808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 12:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTCLiveUpdate]
2004-03-08 13:50 430080 ----a-w- c:\program files\LiveUpdate\LiveUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-17 17:42 53341 ------w- c:\program files\Creative\Shared Files\CTSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2010-03-18 19:17 19456 ----a-w- c:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTStartup]
2002-09-13 01:04 49152 ------w- c:\program files\Creative\Splash Screen\CTEaxSpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 09:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-03 18:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2005-10-11 20:54 339968 ----a-w- c:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 11:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-07-04 3847168]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 99416]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-16 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 555096]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 100952]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 100952]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 566360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-02 218688]
S1 prio;prio;c:\windows\System32\drivers\prio.sys [2010-07-28 51408]
S2 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2010-07-28 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 99416]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 555096]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2010-03-18 18904]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 566360]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-10-21 45232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 22:23]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-01 22:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\tizerist\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
FF - ProfilePath - c:\users\tizerist\AppData\Roaming\Mozilla\Firefox\Profiles\cglh3p0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.techspot.com/vb/topic163092.html#post1021814
FF - Ext: Update Service: updater@foxstart.com - c:\program files\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Update Service: updater@foxstart.com - %profile%\extensions\updater@foxstart.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 05:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD15 rev.20.0 -> Harddisk0\DR0 -> \Device\00000066
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xC52B8439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xc52be7d0]; MOV EAX, [0xc52be84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0xE268E912] -> \Device\Harddisk0\DR0[0xC4D1BAC8]
3 CLASSPNP[0xC97CB8B3] -> ntkrnlpa!IofCallDriver[0xE268E912] -> [0xC3A34CA8]
5 acpi[0xC8EA06BC] -> ntkrnlpa!IofCallDriver[0xE268E912] -> [0xC2774260]
\Driver\nvstor32[0xC457F108] -> IRP_MJ_CREATE -> 0xC52B8439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000064 -> \??\SCSI#Disk&Ven_WDC_WD15&Prod_00ADFD-00NLR#4&121bb9b9&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 293046766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-03-31 05:30:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-31 04:30
.
Pre-Run: 52,915,150,848 bytes free
Post-Run: 52,766,998,528 bytes free
.
- - End Of File - - DF84C4C546C1243B42F822DF2EB136B6
 
MBAM Third run, from before the bootkit remover:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6201

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

31/03/2011 04:26:43
mbam-log-2011-03-31 (04-26-43).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 755670
Time elapsed: 51 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FC55E12F-1168-C762-56CD-7043956433D7} (Trojan.ZbotR.Gen) -> Value: {FC55E12F-1168-C762-56CD-7043956433D7} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\mrt98E4.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrt9C9C.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtA3FB.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtA4A7.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtA736.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtAE67.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtC14B.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtC3BB.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Windows\Temp\mrtE465.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
 
Awaiting further instructions.

I'm recieving less redirects than before, but have had a couple of BSOD's:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Cheers.
 
Three days of working with you, reviewing your logs, taking time to set up what you need to do and you go elswhere and start a new thread with this comment:
Traditionally, I have gone to Techspot for help, but the guy helping me appears to be rather busy.
http://www.bleepingcomputer.com/forums/topic388503.html
Click to expand...

And you tell them :
Hi, I shall try to keep this simple and tidy. Upon googling, I decided I might get help here instead.
Click to expand...

This thread is closed. Moderator has been asked to issue a Warning.
 
Status
Not open for further replies.

Similar threads

D
Google fixes critical Android flaw that could be exploited to hack your phone remotely
Replies
6
Views
288
envirovore
envirovore
midian182
LockBit ransomware group bounces back a week after law enforcement had disrupted hacking...
Replies
0
Views
128
midian182
midian182
A
The US Department of State is still using 13-year-old operating systems
2
Replies
28
Views
988
yRaz
yRaz

Latest posts

Back