TechSpot

Followed The 8-Step Removal Guide - Help Please

By Anno
Nov 8, 2010
    Hi guys,
    Firstly, what an awesome site. So glad I came across it. I have followed the 8-Step guide and, as requested, here are my logs...

    Malwarebytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    08/11/2010 13:50:27
    mbam-log-2010-11-08 (13-50-27).txt

    Scan type: Quick scan
    Objects scanned: 145393
    Time elapsed: 8 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-08 14:17:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500BEVT-00ZCT0 rev.11.01A11
    Running: 38yrcblo.exe; Driver: C:\DOCUME~1\NewUser\LOCALS~1\Temp\pxtdrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwClose [0xF38F029D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0xF38D98FC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0xF38D9954]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0xF38D9A6A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateKey [0xF38EFC51]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0xF38D9852]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0xF38D99A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0xF38D98A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0xF38D9A18]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteKey [0xF38F0963]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteValueKey [0xF38F0A6A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDuplicateObject [0xF38DA19C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xF38F07CE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xF38F0639]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0xF38D7D0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0xF38D992C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0xF38D997C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0xF38D9A94]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenKey [0xF38EFFAD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0xF38D987E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenProcess [0xF38D9FD4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0xF38D99E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0xF38D98D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenThread [0xF38DA0B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0xF38D9A42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryKey [0xF38F04B4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0xF38D8832]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryValueKey [0xF38F0306]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF39211B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0xF38DA310]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0xF38D9F0A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwRestoreKey [0xF38EF2EC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0xF38D7D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3920E70]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0xF38D7E76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0xF38D7E88]

    INT 0x62 ? 86FD5BF8
    INT 0x73 ? 86CBFBF8
    INT 0x83 ? 86CBFBF8
    INT 0x84 ? 86CBFBF8
    INT 0xA4 ? 86FD5BF8

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF392DAC6]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP F3929536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP F392AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP F392DACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    ? sphi.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6038360, 0x213B6D, 0xE8000020]
    .text USBPORT.SYS!DllUnload F5E938AC 5 Bytes JMP 86CBF1D8
    init C:\WINDOWS\system32\drivers\ti21sony.sys entry point in "init" section [0xF5E77051]
    .rsrc C:\WINDOWS\System32\drivers\afd.sys entry point in ".rsrc" section [0xF3AC1C94]
    ? C:\DOCUME~1\NewUser\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7392042] sphi.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739213E] sphi.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73920C0] sphi.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7392800] sphi.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73926D6] sphi.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A1E9C] sphi.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[164] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
    IAT C:\WINDOWS\system32\services.exe[164] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
    Device \FileSystem\Ntfs \Ntfs 86FD41F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBPDO-0 86AD71F8
    Device \Driver\usbuhci \Device\USBPDO-1 86AD71F8
    Device \Driver\usbuhci \Device\USBPDO-2 86AD71F8
    Device \Driver\usbehci \Device\USBPDO-3 86AD61F8
    Device \Driver\usbuhci \Device\USBPDO-4 86AD71F8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86F651F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86F651F8
    Device \Driver\Cdrom \Device\CdRom0 86A8F1F8
    Device \Driver\Cdrom \Device\CdRom1 86A8F1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8517FAEA
    Device \Driver\atapi \Device\Ide\IdePort0 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8517FAEA
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8517FAEA
    Device \Driver\atapi \Device\Ide\IdePort1 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8517FAEA
    Device \Driver\atapi \Device\Ide\IdePort2 [F72EDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom2 86A8F1F8
    Device \Driver\Cdrom \Device\CdRom3 86A8F1F8
    Device \Driver\Cdrom \Device\CdRom4 86A8F1F8

    AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

    Device \Driver\usbuhci \Device\USBFDO-0 86AD71F8
    Device \Driver\usbuhci \Device\USBFDO-1 86AD71F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CBE1F8
    Device \Driver\usbuhci \Device\USBFDO-2 86AD71F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CBE1F8
    Device \Driver\usbuhci \Device\USBFDO-3 86AD71F8
    Device \Driver\usbehci \Device\USBFDO-4 86AD61F8
    Device \Driver\Ftdisk \Device\FtControl 86F651F8
    Device \FileSystem\Cdfs \Cdfs 86B561F8
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500BEVT-00ZCT0___________________11.01A11#5&aaba3cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310@002106526949 0x72 0xE1 0x00 0x8F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc02772c
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bdc02772c@002106526949 0xB3 0x0F 0xD0 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x9C 0x73 0x06 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a310@002106526949 0x72 0xE1 0x00 0x8F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bdc02772c (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bdc02772c@002106526949 0xB3 0x0F 0xD0 0x24 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x9C 0x73 0x06 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@iaggmepognjiibbbih 0x6B 0x61 0x6B 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@haabcgbncnalgije 0x6B 0x61 0x6B 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}@gajhhnhlppelni 0x61 0x63 0x6A 0x6A ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@oadfahacemhlmcnegegkmkkkalijfm 0x64 0x61 0x6F 0x6C ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@oapeafgaomcgkappdfgelakiekblej 0x6A 0x61 0x62 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}@najecgpjbofmjndogamchhnklnfb 0x6A 0x61 0x62 0x6D ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 488396912 (+254): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\System32\drivers\afd.sys suspicious modification; TDL3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    DDS Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-08.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/11/2009 17:28:50
    System Uptime: 11/08/2010 13:59:23 (2137 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | N/A | 1662/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 7.453 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 135 GiB total, 11.977 GiB free.
    F: is Removable
    G: is CDROM (CDFS)
    H: is CDROM (CDFS)
    I: is CDROM (CDFS)
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200&REV_0900\4&B1E7652&0&0102
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_104D0200&REV_0900\4&B1E7652&0&0102
    Service:

    ==== System Restore Points ===================

    RP60: 05/11/2010 03:19:36 - System Checkpoint
    RP61: 06/11/2010 23:33:02 - System Checkpoint
    RP62: 08/11/2010 01:28:39 - System Checkpoint
    RP63: 08/11/2010 13:15:34 - Revo Uninstaller Pro's restore point - Ad-Aware 2007
    RP64: 08/11/2010 13:23:40 - Revo Uninstaller Pro's restore point - Malwarebytes' Anti-Malware
    RP65: 08/11/2010 13:24:46 - Revo Uninstaller Pro's restore point - Spyware Doctor 7.0

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.57
    ACID Pro 7.0
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.3.4
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Alchemy
    Anvil Studio
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    Atmosphere
    Audacity 1.2.6
    avast! Internet Security
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    BBC iPlayer Desktop
    BIAS SoundSoap SE 2.2
    BlackBerry Desktop Software 5.0.1
    BlackBerry Desktop Software 6.0
    BlackBerry USB and Modem Drivers 5.0.1
    BlackBerry® Media Sync
    Bonjour
    CardRecovery
    CCleaner
    Connect
    ConvertXtoDVD 3.3.4.106e
    Crystal Reports Basic Runtime for Visual Studio 2008
    DebugMode PluginPac (remove only)
    DirectWave
    DX10
    Easy MP3 Cutter 2.9
    Edison
    EPSON Printer Software
    ERUNT 1.1j
    Facebook Plug-In
    FL Studio 9
    Free Studio version 4.9
    FreeStar Free AMR MP3 Converter 1.0.3
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Huawei modem
    IL Autogun
    IL Download Manager
    IL DrumSynth Live
    IL Gross Beat
    IL Juice Pack
    IL Vocodex
    Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    K-Lite Codec Pack 5.6.1 (Basic)
    Karaoke CD+G Creator Pro
    kuler
    LAME v3.98.2 for Audacity
    LAN Setting Utility
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Maximus
    mCore
    mDriver
    MediaInfo 0.7.26
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mMHouse
    Morphine
    Mozilla Firefox (3.6.12)
    MP3Resizer 1.9.2
    mPfMgr
    mProSafe
    MSVCRT Redists
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    mWlsSafe
    mXML
    NewBlue 3D Explosions for Windows
    NewBlue 3D Transformations for Windows
    NewBlue Art Blends for Windows
    NewBlue Art Effects for Windows
    NewBlue Film Effects for Windows
    NewBlue Motion Blends for Windows
    NewBlue Motion Effects for Windows
    NewBlue Video Essentials for Windows
    NVIDIA Drivers
    OpenOffice.org 3.2
    OpenWith.org 1.0.3
    PDF Settings CS4
    PeerBlock 1.0+ (r320)
    Photoshop Camera Raw
    Picasa 3
    PixiePack Codec Pack
    PoiZone
    Power CD+G Burner
    QuickTime
    RegSupreme Pro
    Replay Music
    Revo Uninstaller Pro 2.4.1
    Sawer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Setting Utility Series
    Siglos Karaoke Player/Recorder
    SigmaTel Audio
    Skype web features
    Skype™ 4.1
    SmartSound Quicktracks Plugin
    Sony CD Architect 5.2
    Sony MP4 Shared Library
    Sony Utilities DLL
    Sony Video Shared Library
    Sound Forge Pro 10.0
    SpiceMASTER 2.5 PRO for Vegas
    Spybot - Search & Destroy
    Stellar Phoenix Windows Data Recovery V3.0
    Suite Shared Configuration CS4
    Syncrosoft's License Control
    SyncroSoft Emu (Remove only)
    T-RackS 3 Deluxe
    The Rosetta Stone
    Toxic Biohazard
    TrackItNow ERA Client
    Trojan Remover 6.8.2
    Tunebite
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Uninstall 1.0.0.1
    Uninstall Mystical
    Uninstall Startup Inspector
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    V Stuff Backup v1.6.2.18253
    VAIO Camera Utility
    VAIO Control Center
    VAIO Event Service
    VAIO Power Management
    VAIO Update 5
    Vegas Pro 10.0
    VLC media player 1.0.3
    Vuze
    Vuze Remote Toolbar
    WebFldrs XP
    Wi-Fi fastconnect
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    Wireless LAN Starter
    Wireless Switch Setting Utility
    Xiph QuickTime Components
    Xtranormal State
    Xtranormal State - Showpak-Playgoz-Preview
    Xtranormal State - SoundPack-Starter Kit
    Xtranormal State - Voicepack-English-UK-Daniel
    Xtranormal State - Voicepack-English-UK-Serena
    Xtranormal State - Voicepack-English-US-Samantha
    Xtranormal State - Voicepack-English-US-Tom

    ==== Event Viewer Messages From Past Week ========

    08/11/2010 13:35:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    08/11/2010 13:27:34, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:34, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:33, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:33, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:33, error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:32, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:32, error: Service Control Manager [7034] - The BecHelperService service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:31, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    08/11/2010 13:27:31, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    07/11/2010 05:36:35, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    06/11/2010 19:48:27, error: Dhcp [1002] - The IP address lease 192.168.0.12 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    06/11/2010 18:04:36, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
    06/11/2010 14:08:36, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    06/11/2010 05:12:43, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Crypkey License service to connect.
    06/11/2010 05:12:43, error: Service Control Manager [7000] - The Crypkey License service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/11/2010 04:48:13, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    05/11/2010 11:55:11, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    05/11/2010 11:55:03, error: Dhcp [1002] - The IP address lease 192.168.1.15 for the Network Card with network address 0013A90F7A6D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    05/11/2010 11:20:33, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    05/11/2010 01:53:51, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    01/11/2010 14:41:38, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    01/11/2010 13:13:41, error: Service Control Manager [7000] - The TuneUpUtilitiesDrv service failed to start due to the following error: The parameter is incorrect.
    01/11/2010 13:12:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
    01/11/2010 13:12:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    01/11/2010 13:12:09, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    01/11/2010 13:11:00, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.10.2 (The DHCP Server sent a DHCPNACK message).
    01/11/2010 13:10:52, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    01/11/2010 13:10:52, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    01/11/2010 13:10:52, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    01/11/2010 13:08:38, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    01/11/2010 01:16:17, error: Dhcp [1002] - The IP address lease 192.168.1.15 for the Network Card with network address 0013020D6FB9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================



    Cont..........
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'm glad you like the site. It's always helpful if we know what problem you're having. You do have a Rootkit and we can address that. There is also another log for DDS> it is the one named DDS.txt. You have only included the log named Attach.txt.
    =========================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All content for this problem must be posted to this thread. I have deleted the other 2 threads you started.
     
  4. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Cool, thanks
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All logs need to be posted to the same thread. You're online posting to 3 threads while I'm trying to stop you!

    Logs to be posted:

    GMER>> already here
    Malwarebytes> already here>
    DDS.txt>>missing
    Attach.txt (part of DDS)> already here
    TDSSKiller> program to be run and log posted here

    Do not repost the logs if they are here now!!! Do you understand?
     
  6. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Yeah, sorry. All sorted now. :)
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I have deleted your reply with the 4th post of the same log:

    NOTE: The DDS scan puts out two (2) logs. One is named Attach.txt> you continue to post this same log. The other log is different and is named DDS.txt. That is the additional log you need to post.

    And add logs for TDSSKiller when finished
     
  8. Anno

    Anno TS Rookie Topic Starter Posts: 20

    TDSS Killer Log

    2010/11/08 15:37:34.0584 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/08 15:37:34.0584 ================================================================================
    2010/11/08 15:37:34.0584 SystemInfo:
    2010/11/08 15:37:34.0584
    2010/11/08 15:37:34.0584 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/08 15:37:34.0584 Product type: Workstation
    2010/11/08 15:37:34.0584 ComputerName: ANNO
    2010/11/08 15:37:34.0584 UserName: NewUser
    2010/11/08 15:37:34.0584 Windows directory: C:\WINDOWS
    2010/11/08 15:37:34.0584 System windows directory: C:\WINDOWS
    2010/11/08 15:37:34.0584 Processor architecture: Intel x86
    2010/11/08 15:37:34.0584 Number of processors: 2
    2010/11/08 15:37:34.0584 Page size: 0x1000
    2010/11/08 15:37:34.0584 Boot type: Normal boot
    2010/11/08 15:37:34.0584 ================================================================================
    2010/11/08 15:37:35.0006 Initialize success
    2010/11/08 15:37:38.0881 ================================================================================
    2010/11/08 15:37:38.0881 Scan started
    2010/11/08 15:37:38.0881 Mode: Manual;
    2010/11/08 15:37:38.0881 ================================================================================
    2010/11/08 15:37:44.0990 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/11/08 15:37:45.0130 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/08 15:37:45.0162 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/11/08 15:37:45.0208 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
    2010/11/08 15:37:45.0255 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
    2010/11/08 15:37:45.0318 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/08 15:37:45.0365 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2010/11/08 15:37:45.0411 AFD (98aca741cdc997f92e887d1939e7ced8) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/08 15:37:45.0411 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 98aca741cdc997f92e887d1939e7ced8, Fake md5: 7e775010ef291da96ad17ca4b17137d7
    2010/11/08 15:37:45.0427 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/08 15:37:45.0552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/11/08 15:37:45.0693 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/11/08 15:37:45.0755 aswFW (50bb1e65de922ce96c61cd5fc23ce59e) C:\WINDOWS\system32\drivers\aswFW.sys
    2010/11/08 15:37:45.0802 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/11/08 15:37:45.0833 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
    2010/11/08 15:37:45.0849 aswNdis2 (bd5a889e5804d968301a414a0fda42b2) C:\WINDOWS\system32\drivers\aswNdis2.sys
    2010/11/08 15:37:45.0880 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/11/08 15:37:45.0927 aswSnx (9da5b209d9843ebfbb3fd6bb197b276f) C:\WINDOWS\system32\drivers\aswSnx.sys
    2010/11/08 15:37:45.0958 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/11/08 15:37:45.0974 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/11/08 15:37:46.0005 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/08 15:37:46.0036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/08 15:37:46.0083 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/08 15:37:46.0130 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/08 15:37:46.0193 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/08 15:37:46.0255 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    2010/11/08 15:37:46.0286 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    2010/11/08 15:37:46.0302 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    2010/11/08 15:37:46.0349 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    2010/11/08 15:37:46.0380 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    2010/11/08 15:37:46.0427 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/08 15:37:46.0490 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/08 15:37:46.0536 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/08 15:37:46.0583 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/08 15:37:46.0646 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
    2010/11/08 15:37:46.0724 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/11/08 15:37:46.0755 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/11/08 15:37:46.0849 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/08 15:37:46.0896 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    2010/11/08 15:37:46.0911 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2010/11/08 15:37:46.0943 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2010/11/08 15:37:46.0974 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
    2010/11/08 15:37:46.0990 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2010/11/08 15:37:47.0005 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2010/11/08 15:37:47.0021 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2010/11/08 15:37:47.0068 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2010/11/08 15:37:47.0083 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2010/11/08 15:37:47.0099 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2010/11/08 15:37:47.0161 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/08 15:37:47.0224 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
    2010/11/08 15:37:47.0255 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/08 15:37:47.0286 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/08 15:37:47.0349 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/08 15:37:47.0427 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/08 15:37:47.0474 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2010/11/08 15:37:47.0505 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2010/11/08 15:37:47.0568 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/11/08 15:37:47.0630 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/08 15:37:47.0693 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/11/08 15:37:47.0708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/08 15:37:47.0740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/08 15:37:47.0786 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/11/08 15:37:47.0818 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/08 15:37:47.0849 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/08 15:37:47.0880 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/11/08 15:37:47.0911 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/08 15:37:47.0974 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/08 15:37:48.0021 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
    2010/11/08 15:37:48.0052 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/08 15:37:48.0130 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/08 15:37:48.0193 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    2010/11/08 15:37:48.0271 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/08 15:37:48.0318 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/08 15:37:48.0396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/08 15:37:48.0427 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/11/08 15:37:48.0458 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/08 15:37:48.0489 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/08 15:37:48.0536 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/08 15:37:48.0568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/08 15:37:48.0599 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/08 15:37:48.0646 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/08 15:37:48.0677 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/08 15:37:48.0708 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/11/08 15:37:48.0739 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/08 15:37:48.0771 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/08 15:37:48.0880 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2010/11/08 15:37:48.0943 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
    2010/11/08 15:37:48.0989 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2010/11/08 15:37:49.0036 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/08 15:37:49.0068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/08 15:37:49.0099 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/08 15:37:49.0130 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/08 15:37:49.0161 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/08 15:37:49.0208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/08 15:37:49.0255 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/08 15:37:49.0302 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/08 15:37:49.0333 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/08 15:37:49.0349 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/08 15:37:49.0380 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/08 15:37:49.0427 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/08 15:37:49.0443 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/08 15:37:49.0489 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/08 15:37:49.0521 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/08 15:37:49.0552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/08 15:37:49.0583 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/08 15:37:49.0599 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/08 15:37:49.0630 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/08 15:37:49.0661 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/08 15:37:49.0724 NetworkX (97bfe3e4325ac71060227683da7b2f26) C:\WINDOWS\system32\ckldrv.sys
    2010/11/08 15:37:49.0771 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/11/08 15:37:49.0833 NPF (243126da7ba441d7c7c3262dcf435a9c) C:\WINDOWS\system32\drivers\npf.sys
    2010/11/08 15:37:49.0864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/08 15:37:49.0896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/08 15:37:49.0974 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/08 15:37:50.0099 nv (16ee81f89c97d15da2b0dadb594ffc62) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/08 15:37:50.0239 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/08 15:37:50.0271 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/08 15:37:50.0286 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/11/08 15:37:50.0318 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/11/08 15:37:50.0333 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/08 15:37:50.0380 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/08 15:37:50.0396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/08 15:37:50.0443 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/08 15:37:50.0458 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/11/08 15:37:50.0505 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/11/08 15:37:50.0677 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/08 15:37:50.0693 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/08 15:37:50.0724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/08 15:37:50.0802 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/08 15:37:50.0911 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/08 15:37:50.0942 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/08 15:37:50.0958 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/08 15:37:50.0974 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/08 15:37:51.0005 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/08 15:37:51.0036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/08 15:37:51.0052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/08 15:37:51.0083 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/08 15:37:51.0146 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/08 15:37:51.0192 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
    2010/11/08 15:37:51.0239 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    2010/11/08 15:37:51.0302 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2010/11/08 15:37:51.0333 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2010/11/08 15:37:51.0427 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2010/11/08 15:37:51.0521 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/08 15:37:51.0567 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/11/08 15:37:51.0614 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/08 15:37:51.0708 SNC (1a992c8136c015453e82041c35b299da) C:\WINDOWS\system32\DRIVERS\SonyNC.sys
    2010/11/08 15:37:51.0755 SndTDriverV32 (5aef86abf40ba275164cddc6238744ce) C:\WINDOWS\system32\drivers\SndTDriverV32.sys
    2010/11/08 15:37:51.0802 SonyImgF (b98be9c307a7f6695203a294276f9cd8) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
    2010/11/08 15:37:51.0896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/08 15:37:51.0989 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/11/08 15:37:51.0989 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
    2010/11/08 15:37:52.0005 sptd - detected Locked file (1)
    2010/11/08 15:37:52.0036 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/08 15:37:52.0083 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/08 15:37:52.0161 STHDA (bbbc5bf9a5f1fb5d57e91b944d2e51a5) C:\WINDOWS\system32\drivers\sthda.sys
    2010/11/08 15:37:52.0239 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/08 15:37:52.0271 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/08 15:37:52.0755 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/08 15:37:52.0817 tbhsd (5d8c820e2d885c25ffc6bbc5d4fe073c) C:\WINDOWS\system32\drivers\tbhsd.sys
    2010/11/08 15:37:52.0864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/08 15:37:52.0896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/08 15:37:52.0942 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/08 15:37:52.0974 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/08 15:37:53.0083 ti21sony (403d3ed8b7f5e5a47e1e51fe5297c640) C:\WINDOWS\system32\drivers\ti21sony.sys
    2010/11/08 15:37:53.0224 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
    2010/11/08 15:37:53.0255 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/08 15:37:53.0317 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/08 15:37:53.0411 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/11/08 15:37:53.0458 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/08 15:37:53.0505 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/08 15:37:53.0536 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/08 15:37:53.0583 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/11/08 15:37:53.0630 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/08 15:37:53.0677 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/08 15:37:53.0724 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/08 15:37:53.0755 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/08 15:37:53.0817 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/08 15:37:53.0927 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2010/11/08 15:37:53.0989 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/08 15:37:54.0036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/08 15:37:54.0130 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/11/08 15:37:54.0192 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/08 15:37:54.0224 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/08 15:37:54.0458 ================================================================================
    2010/11/08 15:37:54.0458 Scan finished
    2010/11/08 15:37:54.0458 ================================================================================
    2010/11/08 15:37:54.0474 Detected object count: 2
    2010/11/08 15:38:24.0660 AFD (98aca741cdc997f92e887d1939e7ced8) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/08 15:38:24.0660 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 98aca741cdc997f92e887d1939e7ced8, Fake md5: 7e775010ef291da96ad17ca4b17137d7
     
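    The TDSSKiller log above contains two different kinds of hit: a "Forged" file, where the hash of the bytes actually on disk (Real md5) differs from the hash the operating system hands back when the file is read (Fake md5), which is how TDL3 hides the driver it has infected, and a "NoAccess" file that the tool simply could not read and reports only as "Locked file". The following is an added example, not code from the post or from Kaspersky's tool, that parses a TDSSKiller 2.4.x log, separates those two verdicts, and cross-checks the tool's own "Detected object count" against what was parsed. The regular expressions are written from the line format as it appears in the log above and assume the rest of the output follows it; the SAMPLE_LOG lines are copied from that log (including the repeated AFD entries printed after "Scan finished", which the parser de-duplicates).

```python
"""Triage a TDSSKiller (2.4.x) scan log: pull out the driver entries the tool
flagged and separate the real rootkit indicator (a forged file view) from
files it merely could not read.

Added example; not part of the original post or of TDSSKiller. The regexes
are derived from the log format shown on the page; SAMPLE_LOG is copied from
that log."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
_MD5 = r"[0-9a-f]{32}"

# "AFD (98aca741...) C:\WINDOWS\System32\drivers\afd.sys"
DRIVER_RE = re.compile(_TS + rf"(?P<name>\S+) \((?P<md5>{_MD5})\) (?P<path>\S.*)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       rf"Real md5: (?P<real>{_MD5}), Fake md5: (?P<fake>{_MD5})$")
# "Suspicious file (NoAccess): <path>. md5: <x>"
LOCKED_RE = re.compile(_TS + rf"Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>{_MD5})$")
# "AFD - detected Rootkit.Win32.TDSS.tdl3 (0)"
VERDICT_RE = re.compile(_TS + r"(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    service: str           # driver/service name as TDSSKiller enumerates it
    path: str
    kind: str              # "forged" or "locked"
    verdict: str = ""      # TDSSKiller's own "- detected ..." text, if any
    real_md5: str = ""     # forged only: hash of the bytes actually on disk
    fake_md5: str = ""     # forged only: hash of what the OS returns for the file

    @property
    def severity(self) -> str:
        # TDL3 infects a legitimate driver and intercepts disk reads so the
        # infected file reads back clean; the two hashes disagreeing is the
        # infection signature. A locked file only means "could not read", which
        # TDSSKiller itself reports as a separate, weaker verdict.
        return "high" if self.kind == "forged" and self.real_md5 != self.fake_md5 else "review"


@dataclass
class Report:
    findings: List[Finding]
    declared_count: Optional[int]   # "Detected object count: N" as printed by the tool

    def high_risk(self) -> List[str]:
        return [f.path for f in self.findings if f.severity == "high"]

    @property
    def consistent(self) -> bool:
        # The tool re-lists detected objects after "Scan finished"; if the
        # de-duplicated count still disagrees with its own count, the log was
        # probably truncated or edited before posting.
        return self.declared_count == len(self.findings)


def parse_tdsskiller(text: str) -> Report:
    findings: List[Finding] = []
    seen = set()
    last: Optional[re.Match] = None     # most recent "<name> (<md5>) <path>" line
    declared: Optional[int] = None

    def owner(path: str) -> str:
        # The "Suspicious file" line follows the enumeration line for the same file.
        if last and last["path"].lower() == path.lower():
            return last["name"]
        return path.rsplit("\\", 1)[-1]

    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            last = m
        elif m := FORGED_RE.match(line):
            key = ("forged", m["path"].lower())
            if key not in seen:
                seen.add(key)
                findings.append(Finding(owner(m["path"]), m["path"], "forged",
                                        real_md5=m["real"], fake_md5=m["fake"]))
        elif m := LOCKED_RE.match(line):
            key = ("locked", m["path"].lower())
            if key not in seen:
                seen.add(key)
                findings.append(Finding(owner(m["path"]), m["path"], "locked"))
        elif m := VERDICT_RE.match(line):
            for f in findings:
                if f.service == m["name"] and not f.verdict:
                    f.verdict = m["verdict"]
        elif m := COUNT_RE.match(line):
            declared = int(m["n"])
    return Report(findings, declared)


# Lines copied from the TDSSKiller log posted above (not constructed).
SAMPLE_LOG = r"""
2010/11/08 15:37:45.0365 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/08 15:37:45.0411 AFD (98aca741cdc997f92e887d1939e7ced8) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 15:37:45.0411 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 98aca741cdc997f92e887d1939e7ced8, Fake md5: 7e775010ef291da96ad17ca4b17137d7
2010/11/08 15:37:45.0427 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/08 15:37:51.0989 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2010/11/08 15:37:51.0989 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/11/08 15:37:52.0005 sptd - detected Locked file (1)
2010/11/08 15:37:54.0458 Scan finished
2010/11/08 15:37:54.0474 Detected object count: 2
2010/11/08 15:38:24.0660 AFD (98aca741cdc997f92e887d1939e7ced8) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 15:38:24.0660 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 98aca741cdc997f92e887d1939e7ced8, Fake md5: 7e775010ef291da96ad17ca4b17137d7
"""

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    for f in report.findings:
        print(f"{f.severity:6} {f.kind:6} {f.service:5} {f.path}  {f.verdict}")
    print("declared count matches parsed:", report.consistent)
    print("needs cleanup:", report.high_risk())
```

    Run against the full log it gives one high-severity entry (afd.sys, the driver TDL3 patched) and one entry for manual review (sptd.sys, reported only as locked), matching the tool's "Detected object count: 2". The separation matters for the next step in the thread: the forged driver is what TDSSKiller must cure, while a locked file is not itself evidence of infection.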
  9. Anno

    Anno TS Rookie Topic Starter Posts: 20

    DDS Log

    DDS (Ver_10-11-08.01) - NTFSx86
    Run by NewUser at 14:00:53.10 on 08/11/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.594 [GMT 0:00]

    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\3\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\NewUser\Desktop\dds.scr
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\WINDOWS\system32\wuauclt.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/?ref=hp
    uWindow Title =
    mWindow Title =
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\newuser\locals~1\temp\ixp000.tmp\"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: Free YouTube Download - c:\documents and settings\newuser\application data\dvdvideosoftiehelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\newuser\application data\dvdvideosoftiehelpers\youtubetomp3.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\newuser\applic~1\mozilla\firefox\profiles\c47yvygt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - component: c:\documents and settings\newuser\application data\mozilla\firefox\profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\newuser\application data\mozilla\firefox\profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\newuser\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-24 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-10-24 190416]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-10-24 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-10-24 307280]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-24 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-24 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 40384]
    R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-10-24 119200]
    R2 BecHelperService;BecHelperService;c:\program files\3\3connect\BecHelperService.exe [2010-6-17 1737464]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-12-2 33792]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-10-4 217472]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-5 135664]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;"c:\program files\common files\roxio shared\12.0\sharedcom\roxwatch12.exe" --> c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [?]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-11-25 20160]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 40384]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2010-10-27 42512]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-16 27064]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-11-30 28800]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-1-15 673136]
    S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
    S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe" --> c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [?]
    S4 RoxMediaDB12;RoxMediaDB12;"c:\program files\common files\roxio shared\12.0\sharedcom\roxmediadb12.exe" --> c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [?]

    =============== Created Last 30 ================

    2010-11-05 01:38:16 -------- d-----w- C:\Sony Loops & Sample Library - 13 Full Sample Packs
    2010-11-04 11:48:01 -------- d-----w- c:\program files\common files\Doblon
    2010-10-27 19:22:37 -------- d-----w- c:\program files\common files\FilePlaybackTerminal
    2010-10-27 15:16:51 -------- d-----w- c:\program files\common files\cdrdao
    2010-10-27 13:42:19 88704 ----a-w- c:\windows\system32\packet.dll
    2010-10-27 13:42:19 42512 ----a-w- c:\windows\system32\drivers\npf.sys
    2010-10-27 13:42:19 240240 ----a-w- c:\windows\system32\wpcap.dll
    2010-10-27 13:11:14 -------- d-----w- c:\program files\Doblon
    2010-10-27 13:10:46 -------- d-----w- c:\program files\common files\RCMFontPicker
    2010-10-26 11:18:54 -------- d-----w- c:\docume~1\newuser\applic~1\Malwarebytes
    2010-10-26 11:15:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 11:15:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-26 11:15:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 11:15:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-25 19:32:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-25 19:32:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-10-25 12:15:07 -------- d-----w- c:\program files\CardRecovery
    2010-10-24 19:32:26 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-10-24 19:32:25 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-10-24 19:31:44 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-10-24 19:29:23 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-10-23 14:52:28 -------- d-----w- c:\docume~1\newuser\applic~1\Doblon
    2010-10-23 14:35:33 -------- d-----w- c:\program files\Okdo Document Converter Professional
    2010-10-23 14:25:04 -------- d-----w- c:\program files\Browser Hijack Recover
    2010-10-23 13:05:10 -------- d-----w- c:\program files\Doblon(2)
    2010-10-22 12:12:04 -------- d-----w- c:\program files\Spybot - Search & Destroy(2)
    2010-10-22 12:12:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy(2)
    2010-10-21 17:22:41 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-21 17:15:22 -------- d-----w- c:\program files\Audacity
    2010-10-20 11:57:52 -------- d-----w- c:\program files\Easy MP3 Cutter
    2010-10-20 11:46:37 -------- d-----w- c:\program files\MP3Resizer
    2010-10-18 18:06:57 -------- d-----w- C:\spoolerlogs
    2010-10-16 13:12:24 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-16 13:12:24 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-16 13:12:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-16 12:54:59 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-10-16 12:54:59 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-10-16 12:54:59 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-10-16 12:54:59 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-10-16 12:54:59 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-10-16 12:54:57 -------- d-----w- c:\program files\Trojan Remover
    2010-10-16 12:54:57 -------- d-----w- c:\docume~1\newuser\applic~1\Simply Super Software
    2010-10-16 12:54:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
    2010-10-16 12:34:43 -------- d-----w- c:\docume~1\newuser\locals~1\applic~1\VS Revo Group
    2010-10-16 12:34:28 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-10-16 12:34:25 -------- d-----w- c:\program files\VS Revo Group
    2010-10-16 10:05:18 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-10-16 10:05:17 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-10-16 10:05:17 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-10-16 10:05:17 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-10-16 10:05:17 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-10-16 10:05:12 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-10-16 10:05:09 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-10-16 08:26:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-16 08:26:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-14 18:57:20 -------- d-----w- c:\docume~1\newuser\applic~1\DVDVideoSoft
    2010-10-14 18:29:04 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-10-14 18:08:46 -------- d-----w- c:\docume~1\newuser\applic~1\4Media
    2010-10-13 14:24:13 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-10-13 14:24:13 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-10-13 12:52:33 306688 ----a-w- c:\windows\IsUninst.exe

    ==================== Find3M ====================

    2010-11-03 08:43:08 16 ----a-w- c:\windows\system32\msvcsv60.dll
    2010-10-16 10:05:29 87608 ----a-w- c:\docume~1\newuser\applic~1\inst.exe
    2010-10-16 10:05:29 47360 ----a-w- c:\docume~1\newuser\applic~1\pcouffin.sys
    2010-09-18 11:23:26 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ------w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ------w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500BEVT-00ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\000000b6

    device: opened successfully
    user: MBR read successfully
    error: Read The device is not ready.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500BEVT-00ZCT0___________________11.01A11#5&aaba3cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8517FAEA
    user & kernel MBR OK

    Registry trace:
    called modules: ntkrnlpa.exe aswSnx.SYS hal.dll fltmgr.sys aswSP.SYS sphi.sys >>UNKNOWN [0x86F858B0]<<
    c:\windows\system32\drivers\aswSnx.SYS ALWIL Software avast! Antivirus System
    c:\windows\system32\drivers\aswSP.SYS ALWIL Software avast! Antivirus System
    sphi.sys
    _asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffff9635bd7; }

    ============= FINISH: 14:03:33.57 ===============
     
  10. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Sorry for being a muppet! I'm far better at making music than posting to forums! ;-)
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, now that I have you on one thread with all of the logs in the same place, how about taking a breath and telling me what problem you're having. Knowing this helps me help you.
     
     
  12. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Breathe......

    Ok, well my search engines are constantly redirected to other sites and the system slows down dramatically. I also get a 'Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.' message and this shuts down my sound-card and wireless connection, as well as changes the 'look' of my desktop's fonts.
    I hope this is enough to enable you to assist me, and thanks in advance.

    A.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All internet forums that offer free computer help want the logs from the scans and any comments for the same problem posted in the same thread. And all, or most, have a 'sticky' that explains this above the Virus and Malware forums. And all forums ask for patience in giving us time to review the logs and make the decision on what is most appropriate.

    You have several points to be addressed and until they are, you will continue to have problems with the system. Please tell us if anything new happens or if something we ask you to do doesn't work. We can't just look at a bunch of logs and magically solve the problem.
    ==================================================
    If you cannot access the internet to download the following scans, please download the programs to a flash drive, then install and run on the problem computer.

    Please run the following in the order I am giving them:
    1. Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ========================================
    2. Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
    • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Close any open browsers.
    • [4]. Double-click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    • [5]. If Combofix asks you to install Recovery Console, please allow it.
    • [6]. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    ==================================
    3. Download bootkitremover.rar and save it to your desktop.
    • Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip
    • Double-click on the remover.exe file to run the program.
    • Paste the output in your next reply.
     
  14. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Next Logs

    ESET LOG

    C:\Documents and Settings\NewUser\My Documents\Downloads\Setup_LadbrokesCasino.exe Win32/PrimeCasino application
    C:\Program Files\Alwil Software\Avast5\ashBase.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Program Files\Common Files\FilePlaybackTerminal\FilePlaybackTerminal.dll a variant of Win32/Sefnit.AD trojan
    C:\Program Files\Common Files\RCMFontPicker\RCMFontPicker.dll a variant of Win32/Sefnit.AD trojan
    C:\Program Files\Image-Line\FL Studio 9\FL.exe Win32/BadJoke.F trojan
    C:\WINDOWS\system32\drivers\afd.sys Win32/Olmarik.ZC trojan
    Operating memory a variant of Win32/Packed.VMProtect.AAA trojan



    Combofix

    ComboFix 10-11-07.A2 - NewUser 08/11/2010 22:13:00.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.512 [GMT 0:00]
    Running from: c:\documents and settings\NewUser\Desktop\ComboFix.exe
    AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\NewUser\LOCALS~1\Temp\swtlib-32\swt-gdip-win32-3650.dll
    c:\docume~1\NewUser\LOCALS~1\Temp\swtlib-32\swt-win32-3650.dll
    c:\documents and settings\NewUser\Application Data\inst.exe
    c:\documents and settings\NewUser\Local Settings\Temp\swtlib-32\swt-gdip-win32-3650.dll
    c:\documents and settings\NewUser\Local Settings\Temp\swtlib-32\swt-win32-3650.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\msvcsv60.dll
    c:\windows\system32\Packet.dll
    c:\windows\system32\system
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
    .

    2010-11-08 19:11 . 2010-11-08 19:11 -------- d-----w- c:\program files\ESET
    2010-11-08 15:38 . 2010-11-08 15:38 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys
    2010-11-08 15:38 . 2010-11-08 15:38 138496 ----a-w- c:\windows\system32\drivers\tsk2E.tmp
    2010-11-05 01:38 . 2010-11-05 15:37 -------- d-----w- C:\Sony Loops & Sample Library - 13 Full Sample Packs
    2010-11-04 11:48 . 2010-11-04 11:48 -------- d-----w- c:\program files\Common Files\Doblon
    2010-10-27 19:22 . 2010-10-27 19:22 -------- d-----w- c:\program files\Common Files\FilePlaybackTerminal
    2010-10-27 15:16 . 2010-11-02 18:00 -------- d-----w- c:\program files\Common Files\cdrdao
    2010-10-27 13:11 . 2010-11-04 11:48 -------- d-----w- c:\program files\Doblon
    2010-10-27 13:10 . 2010-10-27 13:10 -------- d-----w- c:\program files\Common Files\RCMFontPicker
    2010-10-26 11:18 . 2010-10-26 11:18 -------- d-----w- c:\documents and settings\NewUser\Application Data\Malwarebytes
    2010-10-26 11:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 11:15 . 2010-10-26 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-26 11:15 . 2010-10-26 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 11:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 11:12 . 2010-10-26 11:12 -------- d-----w- c:\program files\ERUNT
    2010-10-26 08:59 . 2010-10-26 08:59 -------- d-----w- c:\documents and settings\Administrator
    2010-10-25 19:32 . 2010-10-26 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-25 19:32 . 2010-10-25 19:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-25 12:15 . 2010-10-25 12:15 -------- d-----w- c:\program files\CardRecovery
    2010-10-24 19:32 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-24 19:32 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-24 19:32 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-10-24 19:32 . 2010-05-06 20:41 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-10-24 19:31 . 2010-05-06 20:40 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-10-24 19:31 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-24 19:31 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-24 19:31 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-24 19:31 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-24 19:31 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-24 19:29 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-10-24 19:29 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-10-24 19:29 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-23 14:52 . 2010-10-23 14:52 -------- d-----w- c:\documents and settings\NewUser\Application Data\Doblon
    2010-10-23 14:35 . 2010-10-23 15:43 -------- d-----w- c:\program files\Okdo Document Converter Professional
    2010-10-23 14:25 . 2010-10-23 15:43 -------- d-----w- c:\program files\Browser Hijack Recover
    2010-10-21 17:22 . 2010-10-21 17:22 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-21 17:15 . 2010-10-21 17:38 -------- d-----w- c:\program files\Audacity
    2010-10-20 11:57 . 2010-10-20 11:58 -------- d-----w- c:\program files\Easy MP3 Cutter
    2010-10-20 11:46 . 2010-10-20 11:46 -------- d-----w- c:\program files\MP3Resizer
    2010-10-18 18:06 . 2010-10-18 18:06 -------- d-----w- C:\spoolerlogs
    2010-10-18 13:16 . 2010-11-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-16 13:12 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-16 13:12 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-16 13:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-16 12:54 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-10-16 12:54 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-10-16 12:54 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-10-16 12:54 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-10-16 12:54 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-10-16 12:54 . 2010-10-18 11:45 -------- d-----w- c:\program files\Trojan Remover
    2010-10-16 12:54 . 2010-10-16 12:54 -------- d-----w- c:\documents and settings\NewUser\Application Data\Simply Super Software
    2010-10-16 12:54 . 2010-10-16 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-10-16 12:34 . 2010-10-16 12:34 -------- d-----w- c:\documents and settings\NewUser\Local Settings\Application Data\VS Revo Group
    2010-10-16 12:34 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-10-16 12:34 . 2010-10-16 12:34 -------- d-----w- c:\program files\VS Revo Group
    2010-10-16 10:05 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-10-16 10:05 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-10-16 10:05 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-10-16 10:05 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-10-16 10:05 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-10-16 10:05 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-10-16 10:05 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-10-16 08:26 . 2010-10-16 08:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-14 18:57 . 2010-10-16 09:10 -------- d-----w- c:\documents and settings\NewUser\Application Data\DVDVideoSoft
    2010-10-14 18:29 . 2010-10-14 18:29 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-10-14 18:08 . 2010-10-14 18:08 -------- d-----w- c:\documents and settings\NewUser\Application Data\4Media
    2010-10-13 14:24 . 2008-04-14 04:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-10-13 14:24 . 2008-04-14 04:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-10-13 12:52 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-16 10:05 . 2009-12-09 16:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-10-16 10:05 . 2009-12-09 16:58 47360 ----a-w- c:\documents and settings\NewUser\Application Data\pcouffin.sys
    2010-09-18 11:23 . 2004-08-10 12:00 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-14 14:45 . 2010-09-14 14:45 69632 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
    2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-10 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-10 12:00 1852800 ------w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-10 12:00 99840 ------w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-10 12:00 357248 ------w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-11-26 03:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-10 12:00 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2010-09-10 2735200]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-26 7335936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "wextract_cleanup0"="c:\windows\system32\advpack.dll" [2009-03-08 128512]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\Anno Creative\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-05-20 17:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
    2010-03-09 09:58 1738352 ----a-w- c:\program files\PeerBlock\peerblock.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ISBMgr.exe"=c:\program files\Sony\ISB Utility\ISBMgr.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "VAIO Update 5"="c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe" /Stationary
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    "ehTray"=c:\windows\ehome\ehtray.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [24/10/2010 19:29 12112]
    R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [24/10/2010 19:31 190416]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/12/2009 21:47 721904]
    R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [24/10/2010 19:32 99280]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24/10/2010 19:32 307280]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/10/2010 19:32 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/10/2010 19:32 19024]
    R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [24/10/2010 19:29 119200]
    R2 BecHelperService;BecHelperService;c:\program files\3\3Connect\BecHelperService.exe [17/06/2010 10:59 1737464]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [02/12/2009 20:17 33792]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [04/10/2005 15:59 217472]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/12/2009 18:46 135664]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;"c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" --> c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [?]
    S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [25/11/2009 17:54 20160]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16/10/2010 12:34 27064]
    S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [30/11/2005 16:12 28800]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [15/01/2010 19:12 673136]
    S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [18/12/2009 09:58 57344]
    S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    S4 RoxMediaDB12;RoxMediaDB12;"c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" --> c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [?]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-11-08 c:\windows\Tasks\Automatic troubleshooting.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]

    2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 18:46]

    2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 18:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/?ref=hp
    mWindow Title =
    IE: Free YouTube Download - c:\documents and settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    FF - ProfilePath - c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - component: c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\NewUser\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-cbXQkihI - (no file)
    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-08 22:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
    "ImagePath"="system32\drivers\tsk2E.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-854245398-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iaggmepognjiibbbih"=hex:6b,61,6b,6a,68,6d,69,6b,6f,6d,6f,6a,66,6e,6b,69,62,6c,
    6b,6e,70,6f,00,00
    "haabcgbncnalgije"=hex:6b,61,6b,6a,68,6d,69,6b,6f,6d,6f,6a,66,6e,6b,69,62,6c,
    6b,6e,70,6f,00,00
    "gajhhnhlppelni"=hex:61,63,6a,6a,68,6c,62,69,70,63,64,6f,67,6a,70,6b,68,63,64,
    62,66,68,62,6b,64,6f,6b,6a,65,70,65,67,6b,65,64,68,66,6a,6a,67,68,6d,6e,70,\

    [HKEY_USERS\S-1-5-21-854245398-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oadfahacemhlmcnegegkmkkkalijfm"=hex:64,61,6f,6c,66,6d,70,6a,00,85
    "oapeafgaomcgkappdfgelakiekblej"=hex:6a,61,62,6d,61,6b,62,70,6d,63,6d,64,6e,68,
    6b,62,69,63,61,68,00,02
    "najecgpjbofmjndogamchhnklnfb"=hex:6a,61,62,6d,61,6b,62,70,6d,63,6d,64,6e,68,
    6b,62,69,63,61,68,00,02
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1868)
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'explorer.exe'(3428)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-08 22:49:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-08 22:49

    Pre-Run: 7,654,760,448 bytes free
    Post-Run: 7,582,969,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 0AE6D3FD78BB9C6B6DDA71B69616E126




    Cont......
     
  15. Anno


    Final Log pt1

    Bootkit

    .\debug.cpp(238) : Debug log started at 08.11.2010 - 22:55:48
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
    .\debug.cpp(256) : 0xf7a9d000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
    .\debug.cpp(256) : 0xf79ad000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0xf739b000 0x00101000 "spka.sys"
    .\debug.cpp(256) : 0xf7a9f000 0x00002000 "\WINDOWS\System32\Drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0xf7383000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS"
    .\debug.cpp(256) : 0xf7355000 0x0002e000 "ACPI.sys"
    .\debug.cpp(256) : 0xf7344000 0x00011000 "pci.sys"
    .\debug.cpp(256) : 0xf759d000 0x00010000 "ohci1394.sys"
    .\debug.cpp(256) : 0xf75ad000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
    .\debug.cpp(256) : 0xf75bd000 0x0000a000 "isapnp.sys"
    .\debug.cpp(256) : 0xf79b1000 0x00003000 "compbatt.sys"
    .\debug.cpp(256) : 0xf79b5000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
    .\debug.cpp(256) : 0xf7b65000 0x00001000 "pciide.sys"
    .\debug.cpp(256) : 0xf781d000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
    .\debug.cpp(256) : 0xf7326000 0x0001e000 "pcmcia.sys"
    .\debug.cpp(256) : 0xf75cd000 0x0000b000 "MountMgr.sys"
    .\debug.cpp(256) : 0xf7307000 0x0001f000 "ftdisk.sys"
    .\debug.cpp(256) : 0xf79b9000 0x00003000 "ACPIEC.sys"
    .\debug.cpp(256) : 0xf7b66000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
    .\debug.cpp(256) : 0xf7825000 0x00005000 "PartMgr.sys"
    .\debug.cpp(256) : 0xf75dd000 0x0000d000 "VolSnap.sys"
    .\debug.cpp(256) : 0xf72ef000 0x00018000 "atapi.sys"
    .\debug.cpp(256) : 0xf75ed000 0x00009000 "disk.sys"
    .\debug.cpp(256) : 0xf75fd000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
    .\debug.cpp(256) : 0xf72cf000 0x00020000 "fltmgr.sys"
    .\debug.cpp(256) : 0xf72bd000 0x00012000 "sr.sys"
    .\debug.cpp(256) : 0xf72a7000 0x00016000 "DRVMCDB.SYS"
    .\debug.cpp(256) : 0xf760d000 0x0000a000 "PxHelp20.sys"
    .\debug.cpp(256) : 0xf7290000 0x00017000 "KSecDD.sys"
    .\debug.cpp(256) : 0xf7203000 0x0008d000 "Ntfs.sys"
    .\debug.cpp(256) : 0xf71d6000 0x0002d000 "NDIS.sys"
    .\debug.cpp(256) : 0xf71a9000 0x0002d000 "aswNdis2.sys"
    .\debug.cpp(256) : 0xf7aa1000 0x00002000 "aswNdis.sys"
    .\debug.cpp(256) : 0xf718f000 0x0001a000 "Mup.sys"
    .\debug.cpp(256) : 0xf767d000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
    .\debug.cpp(256) : 0xf6da8000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
    .\debug.cpp(256) : 0xf6819000 0x00370000 "\SystemRoot\system32\DRIVERS\nv4_mini.sys"
    .\debug.cpp(256) : 0xf6805000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0xf67dd000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0xf6680000 0x0015d000 "\SystemRoot\system32\DRIVERS\w39n51.sys"
    .\debug.cpp(256) : 0xf794d000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
    .\debug.cpp(256) : 0xf665c000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0xf7955000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0xf768d000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
    .\debug.cpp(256) : 0xf6626000 0x00036000 "\SystemRoot\system32\drivers\ti21sony.sys"
    .\debug.cpp(256) : 0xf65fe000 0x00028000 "\SystemRoot\system32\DRIVERS\e100b325.sys"
    .\debug.cpp(256) : 0xf795d000 0x00005000 "\SystemRoot\system32\DRIVERS\SonyNC.sys"
    .\debug.cpp(256) : 0xf769d000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
    .\debug.cpp(256) : 0xf7965000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0xf796d000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0xf76ad000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
    .\debug.cpp(256) : 0xf7af1000 0x00002000 "\SystemRoot\System32\Drivers\DLACDBHM.SYS"
    .\debug.cpp(256) : 0xf76bd000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0xf76cd000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
    .\debug.cpp(256) : 0xf65db000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0xf7975000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
    .\debug.cpp(256) : 0xf797d000 0x00005000 "\SystemRoot\system32\drivers\tbhsd.sys"
    .\debug.cpp(256) : 0xf65b7000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
    .\debug.cpp(256) : 0xf76dd000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
    .\debug.cpp(256) : 0xf7c4c000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
    .\debug.cpp(256) : 0xf7af3000 0x00002000 "\SystemRoot\System32\Drivers\RootMdm.sys"
    .\debug.cpp(256) : 0xf7985000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
    .\debug.cpp(256) : 0xf76ed000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
    .\debug.cpp(256) : 0xf6d90000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
    .\debug.cpp(256) : 0xf65a0000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
    .\debug.cpp(256) : 0xf76fd000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
    .\debug.cpp(256) : 0xf770d000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
    .\debug.cpp(256) : 0xf798d000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0xf658f000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
    .\debug.cpp(256) : 0xf771d000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
    .\debug.cpp(256) : 0xf7995000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
    .\debug.cpp(256) : 0xf799d000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
    .\debug.cpp(256) : 0xf772d000 0x0000c000 "\SystemRoot\System32\Drivers\pcouffin.sys"
    .\debug.cpp(256) : 0xf79a5000 0x00007000 "\SystemRoot\system32\DRIVERS\RimSerial.sys"
    .\debug.cpp(256) : 0xf655f000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
    .\debug.cpp(256) : 0xf773d000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0xf6542000 0x0001d000 "\SystemRoot\system32\DRIVERS\mcdbus.sys"
    .\debug.cpp(256) : 0xf7af5000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0xf64e4000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
    .\debug.cpp(256) : 0xf7a79000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0xf774d000 0x0000e000 "\SystemRoot\system32\DRIVERS\cledx.sys"
    .\debug.cpp(256) : 0xf775d000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
    .\debug.cpp(256) : 0xf43be000 0x000fe000 "\SystemRoot\system32\drivers\sthda.sys"
    .\debug.cpp(256) : 0xf779d000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0xf7b09000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0xf7b0b000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0xf7cab000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0xf7b0d000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0xf7875000 0x00006000 "\SystemRoot\System32\Drivers\DLARTL_M.SYS"
    .\debug.cpp(256) : 0xf787d000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0xf7885000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0xf7b0f000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
    .\debug.cpp(256) : 0xf7b11000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
    .\debug.cpp(256) : 0xf788d000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0xf7895000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0xf712e000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
    .\debug.cpp(256) : 0xf4363000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
    .\debug.cpp(256) : 0xf430a000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
    .\debug.cpp(256) : 0xf42f3000 0x00017000 "\SystemRoot\System32\Drivers\aswFW.SYS"
    .\debug.cpp(256) : 0xf42cd000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
    .\debug.cpp(256) : 0xf77bd000 0x0000a000 "\SystemRoot\System32\Drivers\aswTdi.SYS"
    .\debug.cpp(256) : 0xf42a5000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
    .\debug.cpp(256) : 0xf77cd000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
    .\debug.cpp(256) : 0xf4283000 0x00022000 "\SystemRoot\system32\drivers\tsk2E.tmp"
    .\debug.cpp(256) : 0xf77dd000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
    .\debug.cpp(256) : 0xf77ed000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
    .\debug.cpp(256) : 0xf4258000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
    .\debug.cpp(256) : 0xf789d000 0x00005000 "\SystemRoot\system32\ckldrv.sys"
    .\debug.cpp(256) : 0xf41c0000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
    .\debug.cpp(256) : 0xf77fd000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
    .\debug.cpp(256) : 0xf7c83000 0x00001000 "\SystemRoot\system32\DRIVERS\DMICall.sys"
    .\debug.cpp(256) : 0xf40f9000 0x00027000 "\SystemRoot\System32\Drivers\aswSP.SYS"
    .\debug.cpp(256) : 0xf40a9000 0x00050000 "\SystemRoot\System32\Drivers\aswSnx.SYS"
    .\debug.cpp(256) : 0xf78ad000 0x00006000 "\SystemRoot\System32\Drivers\Aavmker4.SYS"
    .\debug.cpp(256) : 0xf762d000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
    .\debug.cpp(256) : 0xf4069000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
    .\debug.cpp(256) : 0xf7b29000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
    .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0xf43a6000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0xf78d5000 0x00005000 "\SystemRoot\System32\watchdog.sys"
    .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0xf7c9d000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
    .\debug.cpp(256) : 0xbf012000 0x003c4000 "\SystemRoot\System32\nv4_disp.dll"
    .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
    .\debug.cpp(256) : 0xf7a59000 0x00003000 "\SystemRoot\System32\Drivers\aswFsBlk.SYS"
    .\debug.cpp(256) : 0xf777d000 0x0000b000 "\SystemRoot\System32\Drivers\DRVNDDM.SYS"
    .\debug.cpp(256) : 0xf7bfd000 0x00001000 "\SystemRoot\System32\DLA\DLADResM.SYS"
    .\debug.cpp(256) : 0xba4a8000 0x00018000 "\SystemRoot\System32\DLA\DLAIFS_M.SYS"
    .\debug.cpp(256) : 0xf78ed000 0x00005000 "\SystemRoot\System32\DLA\DLAOPIOM.SYS"
    .\debug.cpp(256) : 0xf7ab5000 0x00002000 "\SystemRoot\System32\DLA\DLAPoolM.SYS"
    .\debug.cpp(256) : 0xf78f5000 0x00007000 "\SystemRoot\System32\DLA\DLABMFSM.SYS"
    .\debug.cpp(256) : 0xf78fd000 0x00007000 "\SystemRoot\System32\DLA\DLABOIOM.SYS"
    .\debug.cpp(256) : 0xba442000 0x00016000 "\SystemRoot\System32\DLA\DLAUDFAM.SYS"
    .\debug.cpp(256) : 0xba42b000 0x00017000 "\SystemRoot\System32\DLA\DLAUDF_M.SYS"
    .\debug.cpp(256) : 0xf7915000 0x00005000 "\SystemRoot\system32\DRIVERS\AegisP.sys"
    .\debug.cpp(256) : 0xba3c7000 0x00014000 "\??\C:\WINDOWS\system32\drivers\mdvrmng.sys"
    .\debug.cpp(256) : 0xba4e8000 0x00004000 "\SystemRoot\system32\DRIVERS\s24trans.sys"
    .\debug.cpp(256) : 0xba4c4000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
    .\debug.cpp(256) : 0xb99a8000 0x00017000 "\SystemRoot\System32\Drivers\aswMon2.SYS"
    .\debug.cpp(256) : 0xb8f13000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
    .\debug.cpp(256) : 0xb97a0000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
    .\debug.cpp(256) : 0xb8cab000 0x00011000 "\SystemRoot\System32\Drivers\adfs.SYS"
    .\debug.cpp(256) : 0xb8b02000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
    .\debug.cpp(256) : 0xb8a5a000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
    .\debug.cpp(256) : 0xf783d000 0x00007000 "\??\C:\DOCUME~1\NewUser\LOCALS~1\Temp\mbr.sys"
    .\debug.cpp(256) : 0xf7cdd000 0x00001000 "\??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys"
    .\debug.cpp(256) : 0xba468000 0x00005000 "\SystemRoot\System32\Drivers\aswRdr.SYS"
    .\debug.cpp(256) : 0xb8197000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
    .\debug.cpp(256) : 0xf78a5000 0x00008000 "\??\C:\ComboFix\catchme.sys"
    .\debug.cpp(256) : 0xf7aad000 0x00002000 "\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS"
    .\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\mcdbus"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0007#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0005#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswFw"
    .\debug.cpp(400) : Destination "\Device\aswFw"
    .\debug.cpp(409) : --



    cont................
     
  16. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Final Log pt2

    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000005a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
    .\debug.cpp(400) : Destination "\Device\0000004f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000048"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
    .\debug.cpp(400) : Destination "\Device\ParTechInc0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
    .\debug.cpp(400) : Destination "\Device\0000005a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
    .\debug.cpp(400) : Destination "\Device\NdisTapi"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
    .\debug.cpp(400) : Destination "\Device\NdisWan"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\S24Trans.sys"
    .\debug.cpp(400) : Destination "\Device\S24Trans.sys"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : Device "\GLOBAL??\DLAIFS"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
    .\debug.cpp(400) : Destination "\Device\IPMULTICAST"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7661&SUBSYS_104D0C00&REV_1042#4&b1e7652&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
    .\debug.cpp(400) : Destination "\Device\000000b3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
    .\debug.cpp(400) : Destination "\Device\ParTechInc1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl2"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
    .\debug.cpp(400) : Destination "\Device\LanmanRedirector"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0006#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\0000003c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
    .\debug.cpp(400) : Destination "\Device\00000061"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
    .\debug.cpp(400) : Destination "\Device\ParTechInc2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl3"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\drvmcdb"
    .\debug.cpp(400) : Destination "\Device\drvmcdb"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{8cc12cc4-d9e2-11de-ba2f-806d6172696f}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0005#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_MagicISO&Prod_Virtual_DVD-ROM&Rev_1.0A#1&2afd7d61&0&0003#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\000000b2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10518086&REV_02#4&2803e7c1&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl4"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\FtControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswSP_Avar"
    .\debug.cpp(400) : Destination "\Device\aswSP_Avar"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
    .\debug.cpp(400) : Destination "\Device\mbr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
    .\debug.cpp(400) : Destination "\Device\00000037"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_MagicISO&Prod_Virtual_DVD-ROM&Rev_1.0A#1&2afd7d61&0&0002#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\000000b1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_ASWNDISMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl5"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
    .\debug.cpp(400) : Destination "\Device\Ndisuio"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000053"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0001#{34699dc2-f125-4490-ae54-e7db91946f9e}"
    .\debug.cpp(400) : Destination "\Device\00000050"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Standard Modem"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl6"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MEDIA#0008#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000052"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_81EF104D&REV_02#3&b1bfb68&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#PORTS#0000#{34699dc2-f125-4490-ae54-e7db91946f9e}"
    .\debug.cpp(400) : Destination "\Device\0000004f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl7"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113"
    .\debug.cpp(400) : Destination "\Device\PROCEXP113"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SNY9001#4&38462492&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000008e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{B3076D53-CCF6-414C-B093-D23D4C3BD384}"
    .\debug.cpp(400) : Destination "\Device\INTELPRO_{B3076D53-CCF6-414C-B093-D23D4C3BD384}"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\TBHSDControl8"
    .\debug.cpp(400) : Destination "\Device\TBHSDControl8"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;





    How any of this makes sense to anyone I'll never know, but if it helps me return my computer back to a happy state, then I too will be very happy. Thanks.

    A.
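The boot_cleaner output in the post above maps the system volume to PhysicalDrive0 at byte offset 0x7e00, prints an MD5 of the boot sector, and reports the MBR as OK because boot code was found. The following is an added example, not code from this thread or from the tool that produced that output: a small Python MBR parser that makes the same checks on a 512-byte sector (0x55AA signature, non-empty boot-code area, sector hash, and the LBA-to-byte-offset arithmetic that yields 0x7e00 for a partition starting at sector 63). The MBR image it builds is constructed for the demo and is not the poster's disk; `read_mbr` is only there to show how the sector is obtained from a real device, which needs administrator or root rights.

```python
"""Added example (not from the thread or from the boot_cleaner tool whose
output appears above): parse a 512-byte MBR the way a boot-sector check
does.  It verifies the 0x55AA signature, hashes the sector, reports
whether the 440-byte boot-code area is populated and computes the byte
offset of each primary partition.  The MBR image below is constructed for
the demo; it is not the poster's disk."""
import hashlib
import struct

SECTOR = 512
# one partition-table entry: status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")


def build_demo_mbr() -> bytes:
    """Constructed MBR: a real-looking stub (xor ax,ax; mov ss,ax; mov sp,7c00h)
    padded to 440 bytes, then one active NTFS partition starting at LBA 63."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(440, b"\x00")
    disk_sig = b"\x12\x34\x56\x78"
    reserved = b"\x00\x00"
    ntfs = ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 487_000_000)
    empty = b"\x00" * 16
    return boot_code + disk_sig + reserved + ntfs + empty * 3 + b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Return signature check, boot-code presence, MD5 and the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs_s, ptype, _chs_e, lba, count = ENTRY.unpack(sector[off:off + 16])
        if ptype == 0:          # unused slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # LBA 63 -> 0x7e00, as in the log above
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "has_boot_code": any(sector[:440]),        # any non-zero byte in the code area
        "md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
    }


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 from a raw device; needs admin/root rights
    (e.g. \\\\.\\PhysicalDrive0 on Windows, /dev/sda on Linux)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    report = parse_mbr(build_demo_mbr())
    print("signature ok:", report["signature_ok"], " boot code:", report["has_boot_code"])
    print("MBR MD5:", report["md5"])
    for p in report["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} LBA {p['lba_start']} "
              f"-> byte offset 0x{p['byte_offset']:08x}")
```

A hash on its own only proves the sector has or has not changed between two runs; the signature and boot-code checks are what the "OK (DOS/Win32 Boot code found)" line in the log corresponds to, and the partition offset is what lets a tool such as this one map a volume back to the physical disk.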
     
  17. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Does it make any sense where my problems are?
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Somewhat, but we're not there yet:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files 
      C:\Documents and Settings\NewUser\My Documents\Downloads\Setup_LadbrokesCasino.exe 
      C:\Program Files\Alwil Software\Avast5\ashBase.dll 
      C:\Program Files\Common Files\FilePlaybackTerminal\FilePlaybackTerminal.dll 
      C:\Program Files\Common Files\RCMFontPicker\RCMFontPicker.dll 
      C:\Program Files\Image-Line\FL Studio 9\FL.exe 
      C:\WINDOWS\system32\drivers\afd.sys 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==============================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:

    Code:
    File::
    c:\windows\system32\drivers\tffsmon.sys
    c:\windows\system32\drivers\tfsysmon.sys
    c:\windows\system32\drivers\tfnetmon.sys
    c:\program files\common files\roxio shared\12.0\sharedcom\roxwatch12.exe
    c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe
    c:\program files\common files\roxio shared\12.0\sharedcom\roxmediadb12.exe
    Folder::
    c:\program files\Browser Hijack Recover
    
    DDS::
    uWindow Title =
    mWindow Title =
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
    mRunOnce: [wextract_cleanup0] rundll32.exe c:\windows\system32\advpack.dll,delnoderundll32 "c:\docume~1\newuser\locals~1\temp\ixp000.tmp\"
    
    RegNull::
    [HKEY_USERS\S-1-5-21-854245398-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2571786D-702E-925D-9C11-DAA052E520D0}*]
    [HKEY_USERS\S-1-5-21-854245398-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E53274EE-FAC7-3F3B-BADC-60A9F4F674F4}*]
    Driver::
    TfFsMon
    TfSysMon
    TfNetMon
    RoxWatch12
    Roxio UPnP Renderer 11
    RoxMediaDB12
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
       afd.*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    ====================================
    Repeat the Eset scan and include the entire log.
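The SystemLook step in the post above (`:filefind afd.*`) lists every file on the system whose name matches afd.*, with size, timestamp and hash, so that the copy in system32\drivers can be compared with any other copies on the disk. The following is an added example, not SystemLook's own code or anything posted in this thread: a Python equivalent that walks the given roots, records size, UTC mtime and SHA-256 for every match, and reports any file name whose copies do not all share one hash. The directory tree it builds is constructed in a temp folder for the demo (one clean copy, one copy that differs in five bytes but keeps the same size) and is not the poster's machine; on a real system you would pass the drive roots instead.

```python
"""Added example, not SystemLook's own code: the equivalent of a
':filefind afd.*' run.  It walks the given roots for files matching the
pattern, records size, mtime and SHA-256 for each hit, and reports any
name whose copies do not all share one hash.  The directory tree below is
constructed for the demo in a temp folder; it is not the poster's disk."""
import fnmatch
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(roots, pattern: str) -> list:
    """Return one record per file whose name matches pattern (case-insensitive)."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not fnmatch.fnmatch(name.lower(), pattern.lower()):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                    digest = sha256_of(path)
                except OSError as err:   # locked or unreadable: keep the path, note the error
                    hits.append({"path": path, "name": name.lower(), "error": str(err)})
                    continue
                hits.append({
                    "path": path,
                    "name": name.lower(),
                    "size": st.st_size,
                    "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc)
                                     .isoformat(timespec="seconds"),
                    "sha256": digest,
                })
    return hits


def divergent_copies(hits) -> dict:
    """Map each file name that has more than one distinct hash to its set of hashes."""
    by_name = {}
    for h in hits:
        if "sha256" in h:
            by_name.setdefault(h["name"], set()).add(h["sha256"])
    return {n: s for n, s in by_name.items() if len(s) > 1}


def build_demo_tree() -> str:
    """Constructed stand-in for system32\\drivers and system32\\dllcache holding the
    same driver name; the drivers copy differs in five bytes but keeps the size."""
    base = tempfile.mkdtemp(prefix="filefind_demo_")
    drivers = os.path.join(base, "system32", "drivers")
    cache = os.path.join(base, "system32", "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    clean = b"MZ" + b"\x00" * 100 + b"demo driver image body"
    patched = clean[:-5] + b"XXXXX"          # same length, different content
    with open(os.path.join(cache, "afd.sys"), "wb") as f:
        f.write(clean)
    with open(os.path.join(drivers, "afd.sys"), "wb") as f:
        f.write(patched)
    with open(os.path.join(drivers, "other.sys"), "wb") as f:
        f.write(b"unrelated file, must not match")
    return base


def remove_demo_tree(base: str) -> None:
    shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    demo = build_demo_tree()
    try:
        results = filefind([demo], "afd.*")
        for r in results:
            print(r)
        for name, hashes in divergent_copies(results).items():
            print(f"{name}: {len(hashes)} different hashes among its copies")
    finally:
        remove_demo_tree(demo)
```

The point of hashing rather than comparing size and date alone is visible in the demo: the two afd.sys copies report identical sizes and would pass a size check, and only the digest shows that they are different files.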
     
  19. Anno

    Anno TS Rookie Topic Starter Posts: 20

    New Logs

    Thanks for your help with all this Bobbye, much appreciated.
    Anyway, logs as requested.

    OLD TIMER
    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\Documents and Settings\NewUser\My Documents\Downloads\Setup_LadbrokesCasino.exe moved successfully.
    LoadLibrary failed for C:\Program Files\Alwil Software\Avast5\ashBase.dll
    File move failed. C:\Program Files\Alwil Software\Avast5\ashBase.dll scheduled to be moved on reboot.
    LoadLibrary failed for C:\Program Files\Common Files\FilePlaybackTerminal\FilePlaybackTerminal.dll
    File move failed. C:\Program Files\Common Files\FilePlaybackTerminal\FilePlaybackTerminal.dll scheduled to be moved on reboot.
    LoadLibrary failed for C:\Program Files\Common Files\RCMFontPicker\RCMFontPicker.dll
    File move failed. C:\Program Files\Common Files\RCMFontPicker\RCMFontPicker.dll scheduled to be moved on reboot.
    C:\Program Files\Image-Line\FL Studio 9\FL.exe moved successfully.
    C:\WINDOWS\system32\drivers\afd.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anno Creative
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NewUser
    ->Temp folder emptied: 2005085 bytes



    COMBOFIX
    ComboFix 10-11-07.A2 - NewUser 11/11/2010 20:20:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.672 [GMT 0:00]
    Running from: c:\documents and settings\NewUser\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\NewUser\Desktop\CFScript.txt.txt

    FILE ::
    "c:\program files\common files\roxio shared\12.0\sharedcom\roxmediadb12.exe"
    "c:\program files\common files\roxio shared\12.0\sharedcom\roxwatch12.exe"
    "c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe"
    "c:\windows\system32\drivers\tffsmon.sys"
    "c:\windows\system32\drivers\tfnetmon.sys"
    "c:\windows\system32\drivers\tfsysmon.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Browser Hijack Recover
    c:\program files\Browser Hijack Recover\backup\bklist.lst
    c:\program files\Browser Hijack Recover\bhrHelp.chm
    c:\program files\Browser Hijack Recover\lib\bholist.lib
    c:\program files\Browser Hijack Recover\lib\bss.lib
    c:\program files\Browser Hijack Recover\lib\en.temp
    c:\program files\Browser Hijack Recover\lib\startuplist.lib
    c:\program files\Browser Hijack Recover\lib\toolbarlist.lib
    c:\program files\Browser Hijack Recover\rtl60.bpl
    c:\program files\Browser Hijack Recover\unins000.dat
    c:\program files\spybot - search & destroy\SDHelper.dll
    c:\program files\vuze_remote\tbVuz1.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ROXWATCH12
    -------\Legacy_TFFSMON
    -------\Legacy_TFNETMON
    -------\Legacy_TFSYSMON
    -------\Service_Roxio UPnP Renderer 11
    -------\Service_RoxMediaDB12
    -------\Service_RoxWatch12
    -------\Service_TfFsMon
    -------\Service_TfNetMon
    -------\Service_TfSysMon


    ((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
    .

    2010-11-11 15:56 . 2009-06-11 23:34 49904 ----a-r- c:\windows\system32\drivers\BVRPMPR5.SYS
    2010-11-11 14:22 . 2010-11-11 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-11 14:12 . 2010-11-11 14:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Birdstep Technology
    2010-11-11 14:07 . 2010-11-11 14:07 -------- d-----w- C:\_OTM
    2010-11-08 19:11 . 2010-11-08 19:11 -------- d-----w- c:\program files\ESET
    2010-11-08 15:38 . 2010-11-08 15:38 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys
    2010-11-05 01:38 . 2010-11-05 15:37 -------- d-----w- C:\Sony Loops & Sample Library - 13 Full Sample Packs
    2010-11-04 11:48 . 2010-11-04 11:48 -------- d-----w- c:\program files\Common Files\Doblon
    2010-10-27 19:22 . 2010-11-11 14:07 -------- d-----w- c:\program files\Common Files\FilePlaybackTerminal
    2010-10-27 15:16 . 2010-11-02 18:00 -------- d-----w- c:\program files\Common Files\cdrdao
    2010-10-27 13:11 . 2010-11-04 11:48 -------- d-----w- c:\program files\Doblon
    2010-10-27 13:10 . 2010-11-11 14:07 -------- d-----w- c:\program files\Common Files\RCMFontPicker
    2010-10-26 11:18 . 2010-10-26 11:18 -------- d-----w- c:\documents and settings\NewUser\Application Data\Malwarebytes
    2010-10-26 11:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-26 11:15 . 2010-10-26 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-26 11:15 . 2010-10-26 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-26 11:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-26 11:12 . 2010-10-26 11:12 -------- d-----w- c:\program files\ERUNT
    2010-10-26 08:59 . 2010-11-11 14:22 -------- d-----w- c:\documents and settings\Administrator
    2010-10-25 19:32 . 2010-11-11 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-25 19:32 . 2010-10-26 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-25 12:15 . 2010-10-25 12:15 -------- d-----w- c:\program files\CardRecovery
    2010-10-24 19:32 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-24 19:32 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-24 19:32 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-10-24 19:32 . 2010-05-06 20:41 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
    2010-10-24 19:31 . 2010-05-06 20:40 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
    2010-10-24 19:31 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-24 19:31 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-24 19:31 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-24 19:31 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-24 19:31 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-24 19:29 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
    2010-10-24 19:29 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-10-24 19:29 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-23 14:52 . 2010-10-23 14:52 -------- d-----w- c:\documents and settings\NewUser\Application Data\Doblon
    2010-10-23 14:35 . 2010-10-23 15:43 -------- d-----w- c:\program files\Okdo Document Converter Professional
    2010-10-21 17:22 . 2010-10-21 17:22 -------- d-----w- c:\program files\Lame for Audacity
    2010-10-21 17:15 . 2010-10-21 17:38 -------- d-----w- c:\program files\Audacity
    2010-10-20 11:57 . 2010-10-20 11:58 -------- d-----w- c:\program files\Easy MP3 Cutter
    2010-10-20 11:46 . 2010-10-20 11:46 -------- d-----w- c:\program files\MP3Resizer
    2010-10-18 18:06 . 2010-10-18 18:06 -------- d-----w- C:\spoolerlogs
    2010-10-18 13:16 . 2010-11-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-10-16 13:12 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-16 13:12 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-16 13:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-16 12:54 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-10-16 12:54 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-10-16 12:54 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-10-16 12:54 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-10-16 12:54 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-10-16 12:54 . 2010-10-18 11:45 -------- d-----w- c:\program files\Trojan Remover
    2010-10-16 12:54 . 2010-10-16 12:54 -------- d-----w- c:\documents and settings\NewUser\Application Data\Simply Super Software
    2010-10-16 12:54 . 2010-10-16 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-10-16 12:34 . 2010-10-16 12:34 -------- d-----w- c:\documents and settings\NewUser\Local Settings\Application Data\VS Revo Group
    2010-10-16 12:34 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-10-16 12:34 . 2010-10-16 12:34 -------- d-----w- c:\program files\VS Revo Group
    2010-10-16 10:05 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2010-10-16 10:05 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
    2010-10-16 10:05 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
    2010-10-16 10:05 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
    2010-10-16 10:05 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
    2010-10-16 10:05 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
    2010-10-16 10:05 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
    2010-10-14 18:57 . 2010-10-16 09:10 -------- d-----w- c:\documents and settings\NewUser\Application Data\DVDVideoSoft
    2010-10-14 18:29 . 2010-10-14 18:29 -------- d-----w- c:\program files\BBC iPlayer Desktop
    2010-10-14 18:08 . 2010-10-14 18:08 -------- d-----w- c:\documents and settings\NewUser\Application Data\4Media
    2010-10-13 14:24 . 2008-04-14 04:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-10-13 14:24 . 2008-04-14 04:41 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-10-13 12:52 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-16 10:05 . 2009-12-09 16:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-10-16 10:05 . 2009-12-09 16:58 47360 ----a-w- c:\documents and settings\NewUser\Application Data\pcouffin.sys
    2010-09-18 11:23 . 2004-08-10 12:00 974848 ------w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-14 14:45 . 2010-09-14 14:45 69632 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2010-09-14 14:45 . 2010-09-14 14:45 413696 ----a-r- c:\documents and settings\NewUser\Application Data\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
    2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2004-08-10 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-10 12:00 1852800 ------w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-10 12:00 99840 ------w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-10 12:00 357248 ------w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-11-26 03:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-10 12:00 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-08_22.44.08 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-03 15:07 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
    - 2010-01-03 15:07 . 2007-11-30 04:39 17272 c:\windows\system32\spmsg.dll
    + 2009-12-21 22:21 . 2010-11-11 19:10 7860 c:\windows\system32\Restore\rstrlog.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-11-28 217088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-26 7335936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "wextract_cleanup0"="c:\windows\system32\advpack.dll" [2009-03-08 128512]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\Anno Creative\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQkihI]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2005-05-20 17:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
    2010-03-09 09:58 1738352 ----a-w- c:\program files\PeerBlock\peerblock.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ISBMgr.exe"=c:\program files\Sony\ISB Utility\ISBMgr.exe
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe"
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "VAIO Update 5"="c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe" /Stationary
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    "BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    "ehTray"=c:\windows\ehome\ehtray.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\winver.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R2 BecHelperService;BecHelperService;c:\program files\3\3Connect\BecHelperService.exe [2010-01-28 1737464]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 135664]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
    R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2009-11-26 28800]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
    R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
    S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12112]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-15 721904]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-05-06 119200]
    S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-10-23 33792]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2009-11-26 217472]


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-11-11 c:\windows\Tasks\Automatic troubleshooting.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]

    2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 18:46]

    2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-05 18:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/?ref=hp
    IE: Free YouTube Download - c:\documents and settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    IE: Free YouTube to Mp3 Converter - c:\documents and settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    FF - ProfilePath - c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - component: c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\NewUser\Application Data\Mozilla\Firefox\Profiles\c47yvygt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\NewUser\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-11 20:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
    "ImagePath"="system32\drivers\tsk2E.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1884)
    c:\windows\system32\VESWinlogon.dll

    - - - - - - - > 'explorer.exe'(1972)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Alwil Software\Avast5\setup\avast.setup
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\ehome\mcrdsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-11 20:52:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-11 20:52
    ComboFix2.txt 2010-11-08 22:49

    Pre-Run: 6,925,688,832 bytes free
    Post-Run: 6,905,102,336 bytes free

    - - End Of File - - 14097258AB8F4035E9F91FA0A90014C9
     
  20. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Further New Logs

    System Look

    SystemLook 04.09.10 by jpshortstuff
    Log created at 20:57 on 11/11/2010 by NewUser
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for " afd.*"
    No files found.

    -= EOF =-


    I am unable to run another ESET scan, as since the OTMoveIt scan my computer has lost the ability to go online, either wirelessly or otherwise. I do not know which ESET product to download in order to run the scan.
    Any further help appreciated.

    A.
     
  21. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Any help with the possible causes of why I have lost online ability is also welcomed, as having to use a neighbour's to check my email and replies here is a pain!!! ;-)
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There should be a section in the OTMoveIt log, at the bottom, after this:
    "User: NewUser
    ->Temp folder emptied: 2005085 bytes"
    that lists the files that were moved. Please see if you have it and just copy that part into your next reply.

    There is also a line missing from the end of the ComboFix log header, at the top of ComboFix. It tells me what the AV is, what the FW is, and if they are disabled and updated.
    =====================================
    Please run the following: Security Check

    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
    ======================
    Download the HijackThis Installer and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =========================================
    Do any of the original problems remain? Are there any new problems?
     
  23. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Hey Bobbye.
    I can't find the first thing you mentioned.



    Top of Combofix....

    ComboFix 10-11-07.A2 - NewUser 11/11/2010 20:20:02.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.672 [GMT 0:00]
    Running from: c:\documents and settings\NewUser\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\NewUser\Desktop\CFScript.txt.txt

    FILE ::
    "c:\program files\common files\roxio shared\12.0\sharedcom\roxmediadb12.exe"
    "c:\program files\common files\roxio shared\12.0\sharedcom\roxwatch12.exe"
    "c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe"
    "c:\windows\system32\drivers\tffsmon.sys"
    "c:\windows\system32\drivers\tfnetmon.sys"
    "c:\windows\system32\drivers\tfsysmon.sys"





    Security Check

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    CCleaner
    Java(TM) 6 Update 19
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.3.4
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````




    Hijack This

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:49:54, on 17/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\3\3Connect\BecHelperService.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/?ref=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NewUser\LOCALS~1\Temp\IXP000.TMP\"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\NewUser\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cbXQkihI - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3\3Connect\BecHelperService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

    --
    End of file - 6720 bytes



    Whenever I boot up it shows a screen asking me which operating system to use, and auto selects XP. I still have disabled internet, both hardwired and wireless. Browser hijack no longer an issue though!
    Thanks again for your help in trying to resolve it for me.

    Anno
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    What is 'the first thing I mentioned'?

    I'm having a problem resolving the contents of some of the entries in the various logs. They aren't consistent, such as the AV program. Is this a pirated operating system?

    Have you or the Administrator set this:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    Control Panel present: You or an administrator has set a policy which restricts access to the 'Internet options' from within the IE or in the control panel.


    Are you aware of it? Are you the owner and/or Administrator of this system?

    Please disable TuneUp Utilities while I am helping you.

    C:\Program Files\3\3Connect\BecHelperService.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\NewUser\LOCALS~1\Temp\IXP000.TMP\"
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - Winlogon Notify: cbXQkihI - Invalid registry found
    O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3\3Connect\BecHelperService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


    Close all Windows except HijackThis and click on "Fix Checked."
    =========================================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Click on Start> Run> type in services.msc> Find each of the following and set Startup type to Disabled> Stop the Services:
    TuneUp.Defrag
    TuneUp.UtilitiesSvc

    Exit Services. You can re-enable these when we are finished.
     
  25. Anno

    Anno TS Rookie Topic Starter Posts: 20

    Hey Bobbye.

    It isn't a pirated operating system, and I am the administrator. I am not aware of anything being changed regarding the internet settings.

    What may have happened is that before I changed anything I set a system restore point, and then when my internet connections failed I restored to this earlier point. This may have caused the inconsistencies, and if so I apologize for the confusion.

    The browser hijack problem seems to have been resolved, but the main issue now is that I cannot connect to the internet either wirelessly or networked. Ipconfig shows IP addresses with all zeros.

    I have removed TuneUp for now, and removed the list in Hijack This.

    A.
     