Solved Rootkit/Trojans; antivirus realtime protection won't run

[Barturo]

Hello TechSpot members!

I am trying to clean up an XP Pro SP3 system that has/had a number of trojans on it. I ran Malwarebytes and found several trojans, which were then removed. However, I tried to install AVG Internet Security and it wouldn't load. I also tried to reinstall Symantec Endpoint Protection and it wouldn't load either. I was able to load Microsoft Security Essentials, but the antivirus realtime protection won't activate.

I ran a scan with Microsoft Security Essentials and it found a potential hidden rootkit.

I read the post on the Updated 5 Step Viruses/Spyware/Malware Preliminary Removal Instructions and created the Malwarebytes, GMER, and DDS logs. Here are the results:

Malwarebytes
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Friedrich :: COMPBarturo

16.02.2012 12:46:27
mbam-log-2012-02-16 (12-46-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331948
Time elapsed: 32 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{A3C523B0-EC59-4D62-8E57-A0A4F452EA0B}\RP109\A0065983.exe (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.

(end)


GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-17 08:53:00
Windows 5.1.2600 Service Pack 3
Running: i8d65jei.exe


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\11aa006c6c0ad6db.sys (*** hidden *** ) [BOOT] 11aa006c6c0ad6db <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


DDS
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by Barturo at 9:46:14 on 2012-02-17
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3033.2438 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
svchost.exe
C:\Programme\Option\Driver Installer\GtDetectSc.exe
C:\Programme\Gemeinsame Dateien\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe
C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Notes\nsd.exe
C:\Notes\nslsvice.exe
C:\Notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Fujitsu\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe
C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Fujitsu\Manageability\CnMdKHkH.exe\1.01\CnMdKHkH.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [COMImpersonator] c:\programme\fujitsu\mobile software suite\common\uimdmtip\UiMdmTip.exe
mRun: [IAAnotif] c:\programme\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NBAgent] "c:\programme\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\programme\gemeinsame dateien\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [BrowserChoice] "c:\windows\system32\browserchoice.exe" /run
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\office\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 12.127.16.68
TCP: Interfaces\{DBFD8E5B-72D0-4542-9EEC-BA5C6134178C} : DhcpNameServer = 12.127.16.68
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2011-8-23 210736]
R2 GtDetectSc;GtDetectSc;c:\programme\option\driver installer\GtDetectSc.exe [2009-5-4 545792]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01;c:\programme\gemeinsame dateien\fujitsu\manageability\hamdevmg.exe\1.01\HaMDevMg.exe [2009-5-20 557056]
R2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2011-8-23 13312]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2011-8-23 244368]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [2009-5-5 12288]
R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [2009-3-10 15360]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-5-13 66560]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-5-13 8064]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2011-8-23 41216]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 OS Selector;Acronis OS Selector activator;c:\oss\reinstall_svc.exe --> c:\oss\reinstall_svc.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\gemeinsame dateien\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-12-1 106104]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2012-1-13 107776]
.
=============== Created Last 30 ================
.
2012-02-17 08:45:23 -------- d-----w- c:\windows\ms
2012-02-16 14:54:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:52:40 6557240 ------w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{2ef7e0f3-7a63-4856-8fc8-fd49052a564b}\mpengine.dll
2012-02-16 14:47:22 -------- d-----w- c:\programme\Microsoft Security Client
2012-02-16 13:13:18 -------- d-----w- c:\dokumente und einstellungen\friedrich\lokale einstellungen\anwendungsdaten\Apple Computer
2012-02-16 13:04:04 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-02-16 12:34:42 -------- d-----w- c:\windows\system32\NtmsData
2012-02-16 11:46:07 -------- d-----w- c:\dokumente und einstellungen\friedrich\anwendungsdaten\Malwarebytes
2012-02-16 11:34:22 388096 ----a-r- c:\dokumente und einstellungen\friedrich\anwendungsdaten\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-16 11:34:22 -------- d-----w- c:\programme\Trend Micro
2012-02-16 11:24:13 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-16 11:02:24 -------- d--h--w- c:\dokumente und einstellungen\all users\anwendungsdaten\Common Files
2012-02-16 11:01:52 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\AVG2012
2012-02-16 10:55:31 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\MFAData
2012-02-16 10:25:12 -------- d-----w- c:\dokumente und einstellungen\friedrich\lokale einstellungen\anwendungsdaten\Symantec
2012-02-16 09:42:12 -------- d-----w- c:\dokumente und einstellungen\friedrich\lokale einstellungen\anwendungsdaten\WMTools Downloaded Files
2012-02-16 09:06:00 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2012-02-16 09:05:59 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 09:05:59 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-19 15:49:40 90112 ----a-w- c:\windows\DUMP53ad.tmp
2012-01-03 15:59:41 90112 ----a-w- c:\windows\DUMP4a09.tmp
2012-01-03 15:58:33 90112 ----a-w- c:\windows\DUMP4a58.tmp
2012-01-03 14:55:17 90112 ----a-w- c:\windows\DUMP45e2.tmp
2012-01-03 14:54:14 90112 ----a-w- c:\windows\DUMP47c7.tmp
2012-01-03 14:53:19 90112 ----a-w- c:\windows\DUMP470b.tmp
2012-01-02 14:02:06 90112 ----a-w- c:\windows\DUMP4b60.tmp
2012-01-02 13:58:01 90112 ----a-w- c:\windows\DUMP4d16.tmp
2012-01-02 13:57:03 90112 ----a-w- c:\windows\DUMP4e10.tmp
2012-01-02 13:54:13 90112 ----a-w- c:\windows\DUMP4c1c.tmp
2012-01-02 13:49:57 90112 ----a-w- c:\windows\DUMP5052.tmp
2012-01-02 13:48:57 90112 ----a-w- c:\windows\DUMP4b80.tmp
2012-01-02 13:47:57 90112 ----a-w- c:\windows\DUMP4baf.tmp
2012-01-02 13:47:01 90112 ----a-w- c:\windows\DUMP4e9d.tmp
2012-01-02 09:25:48 90112 ----a-w- c:\windows\DUMP4b12.tmp
2012-01-02 09:24:25 90112 ----a-w- c:\windows\DUMP4a57.tmp
2012-01-02 09:23:02 90112 ----a-w- c:\windows\DUMP4b22.tmp
2012-01-02 09:21:39 90112 ----a-w- c:\windows\DUMP4cf7.tmp
2012-01-02 09:20:43 90112 ----a-w- c:\windows\DUMP4da3.tmp
2011-12-29 14:56:04 90112 ----a-w- c:\windows\DUMP443d.tmp
2011-12-29 14:53:15 90112 ----a-w- c:\windows\DUMP43ee.tmp
2011-12-29 14:52:19 90112 ----a-w- c:\windows\DUMP44e9.tmp
2011-12-29 14:50:56 90112 ----a-w- c:\windows\DUMP445d.tmp
2011-12-29 14:49:33 90112 ----a-w- c:\windows\DUMP43ff.tmp
2011-12-29 14:48:38 90112 ----a-w- c:\windows\DUMP44e8.tmp
2011-12-29 14:47:41 90112 ----a-w- c:\windows\DUMP447c.tmp
2011-12-29 14:46:19 90112 ----a-w- c:\windows\DUMP46ec.tmp
2011-12-29 14:45:23 90112 ----a-w- c:\windows\DUMP440d.tmp
2011-12-29 14:41:46 90112 ----a-w- c:\windows\DUMP443c.tmp
2011-12-29 14:40:52 90112 ----a-w- c:\windows\DUMP445c.tmp
2011-12-29 14:33:55 90112 ----a-w- c:\windows\DUMP44c9.tmp
2011-12-29 14:28:13 90112 ----a-w- c:\windows\DUMP4507.tmp
2011-12-29 14:24:51 90112 ----a-w- c:\windows\DUMP449a.tmp
2011-12-29 14:23:28 90112 ----a-w- c:\windows\DUMP447b.tmp
2011-12-29 14:16:38 90112 ----a-w- c:\windows\DUMP469e.tmp
2011-12-29 14:15:42 90112 ----a-w- c:\windows\DUMP43fe.tmp
2011-12-23 13:58:28 44160 ----a-w- c:\windows\system32\drivers\11aa006c6c0ad6db.sys
.
============= FINISH: 9:46:39,67 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23.08.2011 16:52:39
System Uptime: 17.02.2012 08:50:39 (1 hours ago)
.
Motherboard: FUJITSU SIEMENS | | S118DB
Processor: Intel Pentium III Xeon-Prozessor | U2E1 | 2526/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 404,245 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: GlobeTrotter MO40x - Network Interface
Device ID: OPTIONBUS\GTHSM_NET\6&249E3588&0&1
Manufacturer: Option
Name: GlobeTrotter MO40x - Network Interface
PNP Device ID: OPTIONBUS\GTHSM_NET\6&249E3588&0&1
Service: GTUHSNDISIPXP
.
==== System Restore Points ===================
.
RP80: 19.11.2011 15:36:59 - Systemprüfpunkt
RP81: 21.11.2011 07:30:12 - Systemprüfpunkt
RP82: 22.11.2011 10:37:01 - Systemprüfpunkt
RP83: 24.11.2011 12:03:16 - Systemprüfpunkt
RP84: 28.11.2011 09:25:23 - Systemprüfpunkt
RP85: 29.11.2011 14:17:35 - Systemprüfpunkt
RP86: 01.12.2011 15:52:55 - Systemprüfpunkt
RP87: 05.12.2011 07:43:01 - Systemprüfpunkt
RP88: 06.12.2011 07:59:49 - Systemprüfpunkt
RP89: 08.12.2011 09:30:37 - Systemprüfpunkt
RP90: 09.12.2011 10:02:58 - Systemprüfpunkt
RP91: 11.12.2011 18:51:46 - Systemprüfpunkt
RP92: 13.12.2011 07:59:39 - Systemprüfpunkt
RP93: 15.12.2011 16:09:39 - Systemprüfpunkt
RP94: 16.12.2011 16:54:08 - Systemprüfpunkt
RP95: 19.12.2011 13:30:16 - Systemprüfpunkt
RP96: 21.12.2011 14:14:15 - Systemprüfpunkt
RP97: 22.12.2011 19:30:18 - Systemprüfpunkt
RP98: 24.12.2011 12:04:16 - Systemprüfpunkt
RP99: 27.12.2011 09:57:29 - Systemprüfpunkt
RP100: 28.12.2011 18:47:21 - Systemprüfpunkt
RP101: 02.01.2012 12:48:15 - Systemprüfpunkt
RP102: 03.01.2012 13:52:09 - Systemprüfpunkt
RP103: 04.01.2012 14:24:13 - Systemprüfpunkt
RP104: 05.01.2012 15:30:50 - Systemprüfpunkt
RP105: 09.01.2012 12:51:13 - Systemprüfpunkt
RP106: 12.01.2012 17:14:54 - Removed Vodafone Mobile Connect.
RP107: 18.01.2012 16:21:56 - Removed Symantec Endpoint Protection.
RP108: 18.01.2012 16:32:47 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch
RP109: 16.02.2012 09:51:20 - Removed Lotus Notes 8.5 Deployment Patch.
RP110: 16.02.2012 11:21:47 - Installed Symantec Endpoint Protection.
RP111: 16.02.2012 11:43:26 - Removed Symantec Endpoint Protection.
RP112: 16.02.2012 12:01:14 - AVG 2012 wurde installiert
RP113: 16.02.2012 12:02:20 - AVG 2012 wurde installiert
RP114: 16.02.2012 12:02:22 - AVG 2012 wurde entfernt
RP115: 16.02.2012 12:34:21 - Installed HiJackThis
RP116: 16.02.2012 14:04:06 - Installed Acronis*Disk*Director*11*Home
RP117: 16.02.2012 14:06:29 - Installed Acronis*Disk*Director*11*Home
RP118: 16.02.2012 14:08:24 - Installed Acronis*Disk*Director*11*Home
RP119: 16.02.2012 14:10:28 - Installed Acronis*Disk*Director*11*Home
RP120: 16.02.2012 14:11:35 - Skype™ 5.6 wird entfernt
RP121: 16.02.2012 14:13:11 - iTunes wird entfernt
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
7-Zip 4.65
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.0.1 - Deutsch
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother HL-5240
CFiles Backup
Configuration Manager Client
CorelDRAW Graphics Suite 12
Driver Installer
Driver Installer
FreeMind
HiJackThis
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 22
JDE ActiveX Controls
JDEShortcuts
Kalender-Excel-8.8
Lotus Notes 8.5 de
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Software Update for Web Folders (German) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileSoftwareSuite
Mozilla Firefox 6.0 (x86 de)
MSXML 4.0 SP2 Parser und SDK
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero Express
Nero RescueAgent
OZ776 SCR Driver V1.1.4.204
Pointofix
Print Server Utilities
QuickTime
RDC
Realtek High Definition Audio Driver
Safari
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476490)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2503665)
Sicherheitsupdate für Windows XP (KB2507938)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB2535512)
Sicherheitsupdate für Windows XP (KB2536276-v2)
Sicherheitsupdate für Windows XP (KB2544521)
Sicherheitsupdate für Windows XP (KB2544893)
Sicherheitsupdate für Windows XP (KB2555917)
Sicherheitsupdate für Windows XP (KB2562937)
Sicherheitsupdate für Windows XP (KB2566454)
Sicherheitsupdate für Windows XP (KB2570222)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982665)
Synaptics Pointing Device Driver
Tinypic 3.18
Update für Windows XP (KB898461)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB971029)
Update für Windows XP (KB973687)
WebFldrs XP
WIMGAPI
Windows Media Format 11 runtime
Windows Media Player 11
.
==== End Of File ===========================


Thanks in advance for your assistance!

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\System32\Drivers\11aa006c6c0ad6db.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

 

[Barturo]

VirusTotal Scan Results

Broni...thank you for your assistance with this problem. I have scanned the suspicious file using VirusTotal and the results were Detection Ratio: 0/43

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"

 

[Barturo]

Scans Completed--aswMBR and BTKR_Runbox

Broni,

I ran the scans as directed. Here are the results:

ASWMBR:
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-21 08:39:56
-----------------------------
08:39:56.750 OS Version: Windows 5.1.2600 Service Pack 3
08:39:56.750 Number of processors: 2 586 0x170A
08:39:56.750 ComputerName: COMPBarturo UserName: Barturo
08:39:57.984 Initialze error C0000001 - driver not loaded
08:41:18.718 AVAST engine defs: 12022002
08:41:25.953 Service scanning
08:41:26.359 Service 11aa006c6c0ad6db C:\WINDOWS\System32\Drivers\11aa006c6c0ad6db.sys **HIDDEN**
08:41:40.296 Modules scanning
08:41:40.296 Disk 0 trace - called modules:
08:41:40.296
08:41:41.671 AVAST engine scan C:\WINDOWS
08:41:49.890 AVAST engine scan C:\WINDOWS\system32
08:43:16.437 AVAST engine scan C:\WINDOWS\system32\drivers
08:43:16.640 File: C:\WINDOWS\system32\drivers\11aa006c6c0ad6db.sys **INFECTED** Win32:Rootkit-gen [Rtk]
08:43:23.593 AVAST engine scan C:\Dokumente und Einstellungen\Barturo
08:43:47.531 AVAST engine scan C:\Dokumente und Einstellungen\All Users
08:44:11.937 Scan finished successfully
08:49:30.531 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Barturo\Desktop\aswMBR.txt"

BTKR_RunBox:
.\debug.cpp(238) : Debug log started at 21.02.2012 - 08:06:09
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020f000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e6000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x8aac8000 0x0000c000 "11aa006c6c0ad6db.sys"
.\debug.cpp(256) : 0xb9f78000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f67000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0b8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xb9f49000 0x0001e000 "pcmcia.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f2a000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f04000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba4c4000 0x00003000 "ACPIEC.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS"
.\debug.cpp(256) : 0xba328000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0d8000 0x0000e000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9e34000 0x000d0000 "iaStor.sys"
.\debug.cpp(256) : 0xb9dfe000 0x00036000 "Si3531.sys"
.\debug.cpp(256) : 0xb9de6000 0x00018000 "\WINDOWS\system32\DRIVERS\SCSIPORT.SYS"
.\debug.cpp(256) : 0xba0e8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0f8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9dc6000 0x00020000 "fltMgr.sys"
.\debug.cpp(256) : 0xb9db4000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba4c8000 0x00003000 "SiWinAcc.sys"
.\debug.cpp(256) : 0xb9d9d000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9d10000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9ce3000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba5ae000 0x00002000 "SiRemFil.sys"
.\debug.cpp(256) : 0xb9cc9000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba7db000 0x00001000 "\SystemRoot\system32\DRIVERS\smsmdm.sys"
.\debug.cpp(256) : 0xb88a7000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb82e2000 0x005c5000 "\SystemRoot\system32\DRIVERS\igxpmp32.sys"
.\debug.cpp(256) : 0xad743000 0x0003e000 "\SystemRoot\system32\DRIVERS\e1y5132.sys"
.\debug.cpp(256) : 0xaf15f000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xad71f000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xadf8b000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xad6f7000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xad37f000 0x00378000 "\SystemRoot\system32\DRIVERS\NETw5x32.sys"
.\debug.cpp(256) : 0xaf1ab000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xadbc8000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xae8ef000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xad36b000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xb47b3000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xadf73000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xad334000 0x00037000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0xba62e000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xadf5b000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba128000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xb88bb000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xb303d000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xad311000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xadf4b000 0x00008000 "\SystemRoot\system32\DRIVERS\Acceler.sys"
.\debug.cpp(256) : 0xae8d7000 0x00004000 "\SystemRoot\system32\DRIVERS\FSCSLII.sys"
.\debug.cpp(256) : 0xae8cf000 0x00003000 "\SystemRoot\system32\DRIVERS\FscGabi.sys"
.\debug.cpp(256) : 0xb2ffd000 0x0000b000 "\SystemRoot\system32\DRIVERS\IFXTPM.SYS"
.\debug.cpp(256) : 0xb2fdd000 0x0000a000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xadecd000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xb2fad000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xade65000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xad2fa000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba2c8000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba2e8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xadcc8000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xad2e9000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba318000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xadcb8000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xadca8000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xad2b9000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba178000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba632000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xad25b000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xade45000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb4d44000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb47f3000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x9caea000 0x004b1000 "\SystemRoot\system32\drivers\RtkHDAud.sys"
.\debug.cpp(256) : 0x9cac6000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1f8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb4de8000 0x00003000 "\SystemRoot\System32\Drivers\i2omgmt.SYS"
.\debug.cpp(256) : 0xaf0bb000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xad982000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xaf0b7000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba468000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba478000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xaf0b3000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xaf0af000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb4043000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb4033000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xb3069000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x9ca93000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0x9ca3a000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0x9ca12000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x9c9ec000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb4db4000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x9c9ca000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xb4d54000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x9c99f000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x9c92f000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xadfee000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xadfbe000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xb23a4000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x9c911000 0x0001e000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x9c900000 0x00011000 "\SystemRoot\system32\DRIVERS\gtuhsbus.sys"
.\debug.cpp(256) : 0xadc18000 0x00010000 "\SystemRoot\System32\Drivers\oz776.sys"
.\debug.cpp(256) : 0xb9c5c000 0x00004000 "\SystemRoot\System32\Drivers\SMCLIB.SYS"
.\debug.cpp(256) : 0xae1dd000 0x00002000 "\SystemRoot\system32\DRIVERS\gtuhsser.sys"
.\debug.cpp(256) : 0xb2394000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0x9c830000 0x000d0000 "\SystemRoot\System32\Drivers\dump_iaStor.sys"
.\debug.cpp(256) : 0xbf800000 0x001c6000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xb9478000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba488000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xb2fa6000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf024000 0x00034000 "\SystemRoot\System32\igxpgd32.dll"
.\debug.cpp(256) : 0xbf012000 0x00012000 "\SystemRoot\System32\igxprd32.dll"
.\debug.cpp(256) : 0xbf058000 0x0023f000 "\SystemRoot\System32\igxpdv32.DLL"
.\debug.cpp(256) : 0xbf297000 0x0034d000 "\SystemRoot\System32\igxpdx32.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xba588000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9c69b000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xaf157000 0x00005000 "\SystemRoot\System32\drivers\BrPar.sys"
.\debug.cpp(256) : 0x9c5a1000 0x00052000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9c26c000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0x9c3e1000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0x9be93000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x9ae9b000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZ00#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0262&SUBSYS_17341141&REV_1002#4&195b76e8&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d40214f8-cd94-11e0-b8a6-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000031"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&ff861e6&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b97&Pid_7772#6&2b98534c&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000030"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3a74505e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1fc407&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#5&33643bb5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000072"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2AAC6AF7-74BE-4CBF-A7BC-E047F11FAC51}"
.\debug.cpp(400) : Destination "\Device\{2AAC6AF7-74BE-4CBF-A7BC-E047F11FAC51}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\gtuhsbus0"
.\debug.cpp(400) : Destination "\Device\GTUHSBus0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0262&SUBSYS_17341141&REV_1002#4&195b76e8&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2939&SUBSYS_11411734&REV_03#3&11583659&0&D2#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&18233f59&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2934&SUBSYS_11411734&REV_03#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*CM_RCDISPLAY#0000#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_23#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2938&SUBSYS_11411734&REV_03#3&11583659&0&D1#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_10f1&Pid_1a0c&MI_00#6&3530c56d&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FA6E66E1-ABB8-4F73-AD0D-67DA95866504}"
.\debug.cpp(400) : Destination "\Device\{FA6E66E1-ABB8-4F73-AD0D-67DA95866504}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\VCSerial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B931CA48-AD20-4204-B98C-EF63ECA396CE}"
.\debug.cpp(400) : Destination "\Device\{B931CA48-AD20-4204-B98C-EF63ECA396CE}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_10f1&Pid_1a0c#5&227c9467&0&6#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OPTIONBUS#GTHSM_DBG#6&249e3588&0&1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\000000a2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM4"
.\debug.cpp(400) : Destination "\Device\VCSerial1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9D0436AD-04A5-47C1-8CF8-1474EDBA5192}"
.\debug.cpp(400) : Destination "\Device\{9D0436AD-04A5-47C1-8CF8-1474EDBA5192}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4235&SUBSYS_10018086&REV_00#4&492937f&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I2OExec"
.\debug.cpp(400) : Destination "\Device\I2OExec"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM5"
.\debug.cpp(400) : Destination "\Device\VCSerial2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b97&Pid_7772#6&2b98534c&0&2#{50dd5230-ba8a-11d1-bf5d-0000f805f530}"
.\debug.cpp(400) : Destination "\Device\USBPDO-12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&243ccaa3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1907#4&ff861e6&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293C&SUBSYS_11411734&REV_03#3&11583659&0&D7#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1f201478&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0af0&Pid_7601#5&24c4855f&0&5#{a5f7788b-ea01-4bf1-9741-03c687a7b26c}"
.\debug.cpp(400) : Destination "\Device\USBPDO-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0262&SUBSYS_17341141&REV_1002#4&195b76e8&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1095&DEV_3531&SUBSYS_35311095&REV_01#4&b04cce1&0&00E1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A43&SUBSYS_11411734&REV_07#3&11583659&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_HM500JI_________________________2AC101C4#4&2a49a281&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#IFX0102#1#{c3fa81c6-2299-48f4-bd45-915e62b4db92}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B429AA3C-CD85-41CE-BBD3-686B5DAF5E31}"
.\debug.cpp(400) : Destination "\Device\{B429AA3C-CD85-41CE-BBD3-686B5DAF5E31}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\gtmdiag0"
.\debug.cpp(400) : Destination "\Device\VCSerial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#2#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&38e6d321&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination "\Device\USBFDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\INTELPRO_{E75A234C-2BFC-41FF-A965-503F4D5C85C3}"
.\debug.cpp(400) : Destination "\Device\INTELPRO_{E75A234C-2BFC-41FF-A965-503F4D5C85C3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination "\Device\USBFDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OPTIONBUS#GTHSM_MDM#6&249e3588&0&1#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\000000a5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E75A234C-2BFC-41FF-A965-503F4D5C85C3}"
.\debug.cpp(400) : Destination "\Device\{E75A234C-2BFC-41FF-A965-503F4D5C85C3}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#6&356ff5e0&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BRLPT1"
.\debug.cpp(400) : Destination "\Device\BrPar0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7700S_________________1.44____#4&2a49a281&0&0.1.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NtSecureSys"
.\debug.cpp(400) : Destination "\Device\NtSecureSys"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&ae90394&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_05e3&Pid_0607#5&24c4855f&0&6#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FSC_GABI"
.\debug.cpp(400) : Destination "\Device\FSC_GABI"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureB4C319CEOffset7E00Length74701A8200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\gtmmdm0"
.\debug.cpp(400) : Destination "\Device\VCSerial2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000002f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_293A&SUBSYS_11411734&REV_03#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7700S_________________1.44____#4&2a49a281&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0af0&Pid_7601#5&24c4855f&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2A42&SUBSYS_11411734&REV_07#3&11583659&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DBFD8E5B-72D0-4542-9EEC-BA5C6134178C}"
.\debug.cpp(400) : Destination "\Device\{DBFD8E5B-72D0-4542-9EEC-BA5C6134178C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{d40214f9-cd94-11e0-b8a6-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2935&SUBSYS_11411734&REV_03#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\iaStor0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0b97&Pid_7761#5&18197702&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FSC_SLII"
.\debug.cpp(400) : Destination "\Device\FSC_SLII"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Acceler"
.\debug.cpp(400) : Destination "\Device\Acceler"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7700S_________________1.44____#4&2a49a281&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IAAStorageDevice-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D878B185-F9B0-484F-B1F8-DC0E8E5E4457}"
.\debug.cpp(400) : Destination "\Device\{D878B185-F9B0-484F-B1F8-DC0E8E5E4457}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2937&SUBSYS_11411734&REV_03#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&ff861e6&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5C1183E3-7DBE-44B4-A097-705FD241DB6E}"
.\debug.cpp(400) : Destination "\Device\{5C1183E3-7DBE-44B4-A097-705FD241DB6E}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Scsi\Si35311"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GlobeTrotter MO40x - Modem Interface"
.\debug.cpp(400) : Destination "\Device\000000a5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0262&SUBSYS_17341141&REV_1002#4&195b76e8&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_2936&SUBSYS_11411734&REV_03#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0014"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OPTIONBUS#GTHSM_MDM#6&249e3588&0&1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\000000a5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\OPTIONBUS#GTHSM_APP#6&249e3588&0&1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\000000a3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0262&SUBSYS_17341141&REV_1002#4&195b76e8&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000090"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&158f0c7a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\gtmapp0"
.\debug.cpp(400) : Destination "\Device\VCSerial1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_10BF&SUBSYS_11411734&REV_03#3&11583659&0&C8#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_10f1&Pid_1a0c&MI_00#6&3530c56d&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000009c"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;

Thanks again for the assistance!!

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Barturo]

ComboFix Scan Completed

Broni,

I ran the ComboFix scan as directed. Here are the results. I have a German operating system, so some of the info is in German.

ComboFix 12-02-22.01 - Barturo 22.02.2012 12:21:50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3033.2351 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Barturo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((( Further Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\config.ini
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\11aa006c6c0ad6db.sys
c:\windows\system32\SET62.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET6E.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_11aa006c6c0ad6db
-------\Service_11aa006c6c0ad6db
.
.
((((((((((((((((((((((( Files created from 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))
.
.
2012-02-22 11:26 . 2012-02-22 11:26 -------- d-----w- c:\windows\ms
2012-02-21 07:09 . 2012-02-21 07:09 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2012-02-20 10:44 . 2012-02-20 10:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-02-20 10:43 . 2012-02-20 10:45 -------- d-----w- c:\dokumente und einstellungen\Barturo
2012-02-20 10:41 . 2012-02-20 10:41 -------- dc-h--w- c:\windows\ie8
2012-02-16 14:54 . 2012-01-29 04:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:52 . 2012-01-17 03:39 6557240 ------w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{2EF7E0F3-7A63-4856-8FC8-FD49052A564B}\mpengine.dll
2012-02-16 14:47 . 2012-02-16 14:47 -------- d-----w- c:\programme\Microsoft Security Client
2012-02-16 13:04 . 2012-02-16 13:10 76768 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2012-02-16 12:34 . 2012-02-16 12:35 -------- d-----w- c:\windows\system32\NtmsData
2012-02-16 11:34 . 2012-02-16 11:34 -------- d-----w- c:\programme\Trend Micro
2012-02-16 11:24 . 2012-02-16 11:33 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-16 11:02 . 2012-02-16 11:02 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2012-02-16 11:01 . 2012-02-16 11:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG2012
2012-02-16 10:55 . 2012-02-16 11:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2012-02-16 09:40 . 2012-02-16 09:40 -------- d-----w- c:\dokumente und einstellungen\Friedrich
2012-02-16 09:06 . 2012-02-16 09:06 -------- d-----w- c:\dokumente und einstellungen\Markus\Anwendungsdaten\Malwarebytes
2012-02-16 09:06 . 2012-02-16 09:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-16 09:05 . 2012-02-16 09:06 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-02-16 09:05 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Ready ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 15:49 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP53ad.tmp
2012-01-03 15:59 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4a09.tmp
2012-01-03 15:58 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4a58.tmp
2012-01-03 14:55 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP45e2.tmp
2012-01-03 14:54 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP47c7.tmp
2012-01-03 14:53 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP470b.tmp
2012-01-02 14:02 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4b60.tmp
2012-01-02 13:58 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4d16.tmp
2012-01-02 13:57 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4e10.tmp
2012-01-02 13:54 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4c1c.tmp
2012-01-02 13:49 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP5052.tmp
2012-01-02 13:48 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4b80.tmp
2012-01-02 13:47 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4baf.tmp
2012-01-02 13:47 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4e9d.tmp
2012-01-02 09:25 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4b12.tmp
2012-01-02 09:24 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4a57.tmp
2012-01-02 09:23 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4b22.tmp
2012-01-02 09:21 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4cf7.tmp
2012-01-02 09:20 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4da3.tmp
2011-12-29 14:56 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP443d.tmp
2011-12-29 14:53 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP43ee.tmp
2011-12-29 14:52 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP44e9.tmp
2011-12-29 14:50 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP445d.tmp
2011-12-29 14:49 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP43ff.tmp
2011-12-29 14:48 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP44e8.tmp
2011-12-29 14:47 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP447c.tmp
2011-12-29 14:46 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP46ec.tmp
2011-12-29 14:45 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP440d.tmp
2011-12-29 14:41 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP443c.tmp
2011-12-29 14:40 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP445c.tmp
2011-12-29 14:33 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP44c9.tmp
2011-12-29 14:28 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP4507.tmp
2011-12-29 14:24 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP449a.tmp
2011-12-29 14:23 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP447b.tmp
2011-12-29 14:16 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP469e.tmp
2011-12-29 14:15 . 2011-08-23 14:28 90112 ----a-w- c:\windows\DUMP43fe.tmp
2011-08-12 06:20 . 2011-08-25 07:26 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Auto start points of registering ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"COMImpersonator"="c:\programme\Fujitsu\Mobile Software Suite\Common\UiMdmTip\UiMdmTip.exe" [2009-05-20 176128]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 1036288]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NBAgent"="c:\programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-06-08 1086760]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Office\\Office12\\OUTLOOK.EXE"=
"c:\\Notes\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200811140851\\win32\\x86\\notes2.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [23.08.2011 15:31 210736]
R2 GtDetectSc;GtDetectSc;c:\programme\Option\Driver Installer\GtDetectSc.exe [04.05.2009 15:49 545792]
R2 HaMDevMg.1.01;Fujitsu HaMDevMg.1.01;c:\programme\Gemeinsame Dateien\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe [20.05.2009 08:57 557056]
R2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 Registry;Sage Registrierungsdienst;c:\programme\Gemeinsame Dateien\Sage KHK Shared\REGISTRY.EXE [25.08.2011 09:35 86016]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [23.08.2011 15:31 13312]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [23.08.2011 15:30 244368]
R3 FscGabi;FscGabi;c:\windows\system32\drivers\FscGabi.sys [05.05.2009 11:09 12288]
R3 FSCSLII;FSCSLII;c:\windows\system32\drivers\FSCSLII.sys [10.03.2009 11:51 15360]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [13.05.2009 14:57 66560]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [13.01.2012 08:26 107776]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [13.05.2009 14:56 8064]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.08.2011 15:31 41216]
S2 OS Selector;Acronis OS Selector activator;c:\oss\reinstall_svc.exe --> c:\oss\reinstall_svc.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [01.12.2011 11:17 106104]
.
--- Other Services/Drivers in Memory---
.
*NewlyCreated* - MPFILTER
.
Contents of the 'Scheduled Tasks Folder'
.
2011-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-02-22 c:\windows\Tasks\Markus Local Autobackup.job
- c:\programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBCore.exe [2010-06-08 06:45]
.
2011-12-29 c:\windows\Tasks\Markus NBAgent.job
- c:\programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-06-08 06:45]
.
2012-02-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
.
.
- - - - Removed Orphan Registry Entries - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- DLL's Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Ongoing Processes ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\notes\nslsvice.exe
c:\notes\ntmulti.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\programme\Gemeinsame Dateien\Fujitsu\Manageability\CnMdKHkH.exe\1.01\CnMdKHkH.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22 12:30:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-22 11:30
.
Vor Suchlauf: 15 Verzeichnis(se), 433.804.505.088 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 434.423.795.712 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 146377AB7CF27C8E9004B5361C9A46F8

 

[Broni]

Looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Barturo]

OTL Scan Completed

Broni,

I have completed the OTL Scan. Here are the results for the OTL Text File. I will have to post the OTL Extras in another post as the number of characters exceeded 50000.

OTL text file:
OTL logfile created on: 23.02.2012 08:07:16 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Dokumente und Einstellungen\Barturo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 80,63% Memory free
4,80 Gb Paging File | 4,34 Gb Available in Paging File | 90,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 404,44 Gb Free Space | 86,84% Space Free | Partition Type: NTFS

Computer Name: COMPBarturo | User Name: Barturo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.23 08:06:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Barturo\Desktop\OTL.exe
PRC - [2011.10.09 16:02:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.06.08 07:45:38 | 001,086,760 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010.05.14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.09.18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009.05.20 09:04:32 | 000,176,128 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\Mobile Software Suite\Common\UiMdmTip\UIMdmTip.exe
PRC - [2009.05.20 08:57:14 | 000,557,056 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Gemeinsame Dateien\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe
PRC - [2009.05.20 08:56:04 | 000,335,872 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Gemeinsame Dateien\Fujitsu\Manageability\CnMdKHkH.exe\1.01\CnMdKHkH.exe
PRC - [2009.05.04 15:49:20 | 000,545,792 | ---- | M] (OptionNV) -- C:\Programme\Option\Driver Installer\GtDetectSc.exe
PRC - [2008.12.06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2008.12.06 07:36:56 | 000,031,624 | ---- | M] (IBM Corp) -- C:\Notes\nslsvice.exe
PRC - [2008.12.06 07:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.05.07 16:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.02.13 12:28:36 | 000,086,016 | ---- | M] (Sage KHK Software) -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\REGISTRY.EXE


========== Modules (No Company Name) ==========

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.30 08:02:10 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011.08.30 08:02:06 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011.08.30 08:01:57 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011.08.30 08:01:07 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011.08.30 08:01:02 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (OS Selector)
SRV - [2011.10.09 16:02:32 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.09.19 15:53:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009.09.18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009.05.20 08:57:14 | 000,557,056 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Fujitsu\Manageability\HaMDevMg.exe\1.01\HaMDevMg.exe -- (HaMDevMg.1.01)
SRV - [2009.05.04 15:49:20 | 000,545,792 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\Driver Installer\GtDetectSc.exe -- (GtDetectSc)
SRV - [2008.12.06 07:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008.12.06 07:36:56 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008.12.06 07:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008.05.07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.08.24 02:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.02.13 12:28:36 | 000,086,016 | ---- | M] (Sage KHK Software) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Sage KHK Shared\REGISTRY.EXE -- (Registry)


========== Driver Services (SafeList) ==========

DRV - [2012.02.13 11:48:14 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.11.09 09:17:42 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.09.18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009.08.18 11:06:58 | 000,107,776 | R--- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009.05.13 14:57:46 | 000,066,560 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009.05.13 14:56:46 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009.05.05 11:09:08 | 000,012,288 | ---- | M] (Fujitsu Technology Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FscGabi.sys -- (FscGabi)
DRV - [2009.03.10 11:51:06 | 000,015,360 | ---- | M] (Fujitsu) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FSCSLII.sys -- (FSCSLII)
DRV - [2008.11.16 20:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.10.20 19:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008.09.24 23:38:32 | 000,069,408 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2008.07.24 07:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.22 13:00:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel(R)
DRV - [2008.04.13 22:04:34 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2007.05.31 23:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.24 22:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.24 22:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.04 08:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.30 13:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins

[2011.09.07 15:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.07 15:11:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.12 07:20:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.08.12 05:19:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.12 05:19:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 05:19:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 05:19:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 05:19:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.22 12:28:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMImpersonator] C:\Programme\Fujitsu\Mobile Software Suite\Common\UiMdmTip\UIMdmTip.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [BrowserChoice] C:\WINDOWS\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [BrowserChoice] C:\WINDOWS\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3091123333-3705974054-2978810523-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.16.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBFD8E5B-72D0-4542-9EEC-BA5C6134178C}: DhcpNameServer = 12.127.16.68
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Fujitsu.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Fujitsu.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.20 05:45:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.23 08:08:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ms
[2012.02.23 08:08:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.23 08:06:14 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Barturo\Desktop\OTL.exe
[2012.02.22 12:20:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.02.22 12:16:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.02.22 12:16:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.02.22 12:16:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.02.22 12:16:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.02.22 12:16:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.02.22 12:16:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.22 12:16:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Verwaltung
[2012.02.22 12:16:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Eigene Dateien\Eigene Videos
[2012.02.22 11:39:20 | 004,417,295 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Barturo\Desktop\ComboFix.exe
[2012.02.21 09:04:09 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Dokumente und Einstellungen\Barturo\Desktop\remover.exe
[2012.02.21 08:39:36 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Barturo\Desktop\aswMBR.exe
[2012.02.21 08:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.02.20 13:31:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Sun
[2012.02.20 12:52:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Malwarebytes
[2012.02.20 11:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Macromedia
[2012.02.20 11:45:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Adobe
[2012.02.20 11:45:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Barturo\PrivacIE
[2012.02.20 11:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Nero
[2012.02.20 11:44:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Apple Computer
[2012.02.20 11:43:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Accessories
[2012.02.20 11:43:45 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Barturo\IETldCache
[2012.02.20 11:43:41 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Microsoft
[2012.02.20 11:43:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Barturo\SendTo
[2012.02.20 11:43:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Barturo\Recent
[2012.02.20 11:43:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Zubehör
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Startmenü
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Favoriten
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Eigene Dateien\Eigene Musik
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Eigene Dateien
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Eigene Dateien\Eigene Bilder
[2012.02.20 11:43:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Autostart
[2012.02.20 11:43:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Barturo\Cookies
[2012.02.20 11:43:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Barturo\Vorlagen
[2012.02.20 11:43:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Barturo\Netzwerkumgebung
[2012.02.20 11:43:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen
[2012.02.20 11:43:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Barturo\Druckumgebung
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\Seven Zip
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\InstallShield
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Identities
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Desktop
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2012.02.20 11:43:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\Adobe
[2012.02.20 11:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012.02.20 11:41:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.02.16 15:47:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2012.02.16 13:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.02.16 12:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2012.02.16 12:24:13 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012.02.16 12:02:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.02.16 12:01:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2012.02.16 11:55:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.02.16 10:06:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.02.16 10:06:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.02.16 10:05:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.16 10:05:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.23 08:08:44 | 000,000,475 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2012.02.23 08:07:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.02.23 08:06:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Barturo\Desktop\OTL.exe
[2012.02.23 08:03:00 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG
[2012.02.23 08:02:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.23 08:02:51 | 3179,995,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.22 17:01:57 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012.02.22 16:00:00 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\markus Local Autobackup.job
[2012.02.22 12:28:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.22 11:39:31 | 004,417,295 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Barturo\Desktop\ComboFix.exe
[2012.02.21 09:04:13 | 000,401,408 | -H-- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\wget.exe
[2012.02.21 09:04:13 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\paste.exe
[2012.02.21 09:03:43 | 000,568,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\BTKR_RunBox.exe
[2012.02.21 08:39:40 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Barturo\Desktop\aswMBR.exe
[2012.02.20 11:54:25 | 003,072,054 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\VirusTotal Scan Results.bmp
[2012.02.20 11:43:49 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\Windows Media Player.lnk
[2012.02.20 11:33:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.16 15:50:17 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.02.16 12:33:28 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012.02.16 10:06:00 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.16 09:41:14 | 000,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.22 12:20:08 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.02.22 12:16:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.02.22 12:16:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.22 12:16:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.22 12:16:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.22 12:16:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.21 09:04:09 | 000,401,408 | -H-- | C] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\wget.exe
[2012.02.21 09:04:09 | 000,004,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\paste.exe
[2012.02.21 09:03:39 | 000,568,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\BTKR_RunBox.exe
[2012.02.20 11:54:24 | 003,072,054 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\VirusTotal Scan Results.bmp
[2012.02.20 11:43:49 | 000,000,774 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Windows Media Player.lnk
[2012.02.20 11:43:49 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\Windows Media Player.lnk
[2012.02.20 11:43:42 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Remoteunterstützung.lnk
[2012.02.20 11:43:42 | 000,000,789 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Internet Explorer.lnk
[2012.02.20 11:43:42 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Startmenü\Programme\Outlook Express.lnk
[2012.02.20 11:43:42 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2012.02.17 08:51:01 | 3179,995,136 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.16 15:52:47 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.02.16 15:50:17 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.02.16 15:47:29 | 000,001,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012.02.16 10:06:00 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.01 14:18:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.09.22 18:08:56 | 003,902,976 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011.08.30 08:00:21 | 000,664,416 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.08.30 07:06:50 | 000,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2011.08.25 09:36:14 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.08.25 09:36:00 | 000,382,976 | ---- | C] () -- C:\WINDOWS\System32\c4dll.dll
[2011.08.25 08:41:47 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2011.08.25 08:41:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2011.08.25 08:41:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011.08.25 08:41:36 | 000,014,441 | ---- | C] () -- C:\WINDOWS\HL-5240.INI
[2011.08.25 08:41:15 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.08.25 08:41:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD5240.DAT
[2011.08.25 08:39:19 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2011.08.25 08:37:56 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll
[2011.08.25 08:37:56 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI
[2011.08.23 15:31:37 | 000,000,475 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011.08.23 15:30:33 | 000,000,206 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2011.08.23 15:29:26 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011.08.23 15:29:25 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011.08.23 15:29:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2011.08.22 20:07:48 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.08.22 20:07:02 | 000,158,208 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011.08.22 20:07:00 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011.08.22 20:06:30 | 001,524,224 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011.08.22 20:06:30 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011.08.22 20:06:30 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011.08.22 20:06:28 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011.08.22 20:06:28 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011.08.22 20:06:26 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011.08.22 20:06:26 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.05.23 08:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

========== LOP Check ==========

[2012.02.16 12:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2012.02.16 12:02:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.02.16 12:02:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.01.12 17:15:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.08.30 18:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.05.20 16:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011.08.25 10:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2011.08.25 10:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Bytemobile
[2011.11.29 10:23:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Ogheuzn
[2011.08.30 18:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Thunderbird
[2011.08.25 10:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Vodafone
[2011.09.15 06:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Vodafone Mobile Connect
[2012.02.16 10:32:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Xiabat
[2012.01.03 16:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Markus\Anwendungsdaten\Vodafone
[2011.08.25 10:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2012.02.22 16:00:00 | 000,000,608 | ---- | M] () -- C:\WINDOWS\Tasks\markus Local Autobackup.job
[2011.12.29 16:28:46 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Markus NBAgent.job
[2012.02.23 08:07:57 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010.01.27 15:38:14 | 000,000,937 | ---- | M] () -- C:\2000XP.bat
[2009.05.20 05:45:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011.08.23 15:52:02 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008.04.14 13:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.03 23:00:10 | 000,262,448 | RHS- | M] () -- C:\cmldr
[2012.02.22 12:30:57 | 000,013,732 | ---- | M] () -- C:\ComboFix.txt
[2009.05.20 05:45:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011.08.25 10:10:50 | 000,031,608 | ---- | M] () -- C:\debug1214.txt
[2012.02.23 08:02:51 | 3179,995,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.24 14:14:39 | 007,348,586 | ---- | M] () -- C:\Install.LOG
[2009.05.20 05:45:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.02.14 01:30:00 | 000,319,488 | ---- | M] (J.D. Edwards) -- C:\jdeexpimpU.ocx
[2010.09.30 09:21:02 | 000,434,176 | ---- | M] (J.D. Edwards) -- C:\jdewebctlsU.ocx
[2011.08.23 16:13:30 | 000,004,861 | ---- | M] () -- C:\Lang.txt
[2011.08.23 15:31:17 | 000,061,359 | ---- | M] () -- C:\LogVBS.LOG
[2009.05.20 05:45:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.04.14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.04.14 13:00:00 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2012.02.23 08:02:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011.08.25 08:05:58 | 000,000,000 | ---- | M] () -- C:\ROBOCOPY.EXE

< %systemroot%\Fonts\*.com >
[2006.04.18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.06.29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.06.29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.05.20 05:44:26 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009.05.20 07:33:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.05.20 07:33:48 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.05.20 07:33:47 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.05.20 05:51:10 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2012.02.20 11:43:53 | 000,000,124 | -HS- | M] () -- C:\Dokumente und Einstellungen\Barturo\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012.02.21 08:39:40 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Barturo\Desktop\aswMBR.exe
[2012.02.21 09:03:43 | 000,568,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\BTKR_RunBox.exe
[2012.02.21 09:04:13 | 000,026,624 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Barturo\Desktop\clip.exe
[2012.02.22 11:39:31 | 004,417,295 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Barturo\Desktop\ComboFix.exe
[2012.02.23 08:06:23 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Barturo\Desktop\OTL.exe
[2012.02.21 09:04:13 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\paste.exe
[2010.09.21 20:40:19 | 000,083,968 | -H-- | M] (eSage Lab) -- C:\Dokumente und Einstellungen\Barturo\Desktop\remover.exe
[2012.02.21 09:04:13 | 000,401,408 | -H-- | M] () -- C:\Dokumente und Einstellungen\Barturo\Desktop\wget.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012.01.03 16:42:12 | 000,003,254 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012.02.23 08:05:58 | 000,049,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Barturo\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006.10.24 19:04:18 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008.04.14 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\custsat.dll
[2007.04.02 22:37:24 | 000,004,821 | ---- | M] () -- C:\Programme\Messenger\logowin.gif
[2007.04.02 22:37:24 | 000,007,047 | ---- | M] () -- C:\Programme\Messenger\lvback.gif
[2008.04.14 06:52:18 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msgsc.dll
[2008.04.13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msgslang.dll
[2008.04.14 06:52:56 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Messenger\msmsgs.exe
[2007.04.02 22:37:24 | 000,002,882 | ---- | M] () -- C:\Programme\Messenger\newalert.wav
[2007.04.02 22:37:24 | 000,006,156 | ---- | M] () -- C:\Programme\Messenger\newemail.wav
[2007.04.02 22:37:26 | 000,006,160 | ---- | M] () -- C:\Programme\Messenger\online.wav
[2007.04.02 22:37:28 | 000,004,454 | ---- | M] () -- C:\Programme\Messenger\type.wav
[2007.02.21 09:36:38 | 000,120,389 | ---- | M] () -- C:\Programme\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >

Thanks, Barturo

 

[Barturo]

OTL Extras

Broni,

Here is the OTL Extras file. The computer is running well, but I have not attempted to work on the antivirus issues yet.

OTL Extras
OTL Extras logfile created on: 23.02.2012 08:07:16 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Dokumente und Einstellungen\Barturo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 80,63% Memory free
4,80 Gb Paging File | 4,34 Gb Available in Paging File | 90,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 404,44 Gb Free Space | 86,84% Space Free | Partition Type: NTFS

Computer Name: COMPBarturo | User Name: Barturo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "c:\Programme\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service
"C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Programme\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Office\Office12\OUTLOOK.EXE" = C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200811140851\win32\x86\notes2.exe" = C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200811140851\win32\x86\notes2.exe:*:Enabled:Lotus Notes -- (IBM)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{10DCCF52-2650-40BE-98CE-F3781782FA8A}" = Lotus Notes 8.5 de
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E1760C2-6561-4546-BB77-91D072895E1B}" = Brother HL-5240
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38697498-F4AA-4A8A-81F6-C09446AD020D}" = Print Server Utilities
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Essentials
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = Driver Installer
"{8B129CA6-44E2-455F-A743-E21116220A26}" = JDEShortcuts
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{937B1F15-1E40-4FFD-B117-04811B59761A}" = JDE ActiveX Controls
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AA7E28-EE0F-4CB2-8C5B-3DD8FF42DD29}" = OZ776 SCR Driver V1.1.4.204
"{9CBDEE77-EE60-4B9D-BCE9-3FD67A7B5D4D}" = Driver Installer
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{BA2740A7-E05E-41F2-9036-C9D9C56EF06F}" = CFiles Backup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0BD191D-8B19-47FC-9D61-A8076C3F7D32}" = MobileSoftwareSuite
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B31ACE-1DB6-448A-924E-49648609F3AF}" = Sage Classic Line 2008 Workstation
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{99AA7E28-EE0F-4CB2-8C5B-3DD8FF42DD29}" = OZ776 SCR Driver V1.1.4.204
"Kalender-Excel-8.8_is1" = Kalender-Excel-8.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pointofix_is1" = Pointofix
"PROHYBRIDR" = 2007 Microsoft Office system
"RDC" = RDC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.12.2011 12:18:40 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:24:11 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:29:42 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:35:11 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:40:42 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:46:10 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:51:38 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 12:57:06 | Computer Name = COMPBarturo | Source = MsiInstaller | ID = 10005
Description = Product: Configuration Manager Client -- Error 25100. Setup was unable
to create the WMI namespace CCM\DataTransferService The error code is 80041002

Error - 19.12.2011 13:00:31 | Computer Name = COMPBarturo | Source = BackItUp5 | ID = 6277
Description = Job execution failed because the selected target for job does not
exist.

Error - 19.12.2011 13:00:31 | Computer Name = COMPBarturo | Source = BackItUp5 | ID = 3374
Description = Backup process failed.

[ System Events ]
Error - 03.01.2012 09:33:31 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:41 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:41 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:41 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:41 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:41 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:51 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:51 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:51 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31

Error - 03.01.2012 09:33:51 | Computer Name = COMPBarturo | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SYMTDI" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31


< End of report >

 

[Broni]

OTL log is clean.

I need you to figure out your AV program situation.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Barturo]

Additional tests completed

Broni,

I have updated Java and run the additional tests. Here are the results:

SecurityCheck:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 de..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Farber:
Farbar Service Scanner Version: 22-02-2012
Ran by Barturo 24-02-2012 at 08:16:45
Running from "C:\Dokumente und Einstellungen\Barturo\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-05-20 05:26] - [2008-04-14 13:00] - 0127488 ____N (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2009-05-20 05:26] - [2008-04-14 13:00] - 0045568 ____N (Microsoft Corporation) 8C9ED3B2834AAE63081AB2DA831C6FE9

C:\WINDOWS\system32\ipnathlp.dll
[2009-05-20 05:26] - [2008-04-14 13:00] - 0334336 ____N (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF

C:\WINDOWS\system32\netman.dll
[2009-05-20 05:26] - [2008-04-14 13:00] - 0198144 ____N (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-20 05:40] - [2008-04-14 13:00] - 0145408 ____N (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\srsvc.dll
[2009-05-20 05:42] - [2008-04-14 13:00] - 0171520 ____N (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182

C:\WINDOWS\system32\Drivers\sr.sys
[2009-05-20 05:42] - [2008-04-14 13:00] - 0073472 ____N (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F

C:\WINDOWS\system32\wscsvc.dll
[2009-05-20 05:27] - [2008-04-14 13:00] - 0080896 ____N (Microsoft Corporation) 300B3E84FAF1A5C1F791C159BA28035D

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-05-20 05:40] - [2008-04-14 13:00] - 0145408 ____N (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729

C:\WINDOWS\system32\wuauserv.dll
[2009-05-20 05:42] - [2008-04-14 13:00] - 0006656 ____N (Microsoft Corporation) 7B4FE05202AA6BF9F4DFD0E6A0D8A085

C:\WINDOWS\system32\qmgr.dll
[2009-05-20 05:42] - [2008-04-14 13:00] - 0409088 ____N (Microsoft Corporation) D6F603772A789BB3228F310D650B8BD1

C:\WINDOWS\system32\es.dll
[2009-05-20 05:26] - [2008-07-07 21:26] - 0253952 ____N (Microsoft Corporation) AF4F6B5739D18CA7972AB53E091CBC74

C:\WINDOWS\system32\cryptsvc.dll
[2009-05-20 05:26] - [2008-04-14 13:00] - 0062464 ____N (Microsoft Corporation) 611F824E5C703A5A899F84C5F1699E4D

C:\WINDOWS\system32\svchost.exe
[2009-05-20 05:27] - [2008-04-14 13:00] - 0014336 ____N (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366

C:\WINDOWS\system32\rpcss.dll
[2009-05-20 05:27] - [2009-02-09 11:51] - 0401408 ____N (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B

C:\WINDOWS\system32\services.exe
[2009-05-20 05:27] - [2009-02-09 12:21] - 0111104 ____N (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(10) Tcpip(3)
0x0A000000040000000100000002000000030000000500000006000000070000000A0000000800000009000000
IpSec Tag value is correct.

**** End of log ****

ESET:
C:\Files\Downloads\media.player.codec.pack.v4.1.1.setup.exe probably a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_11aa006c6c0ad6db_.sys.zip probably a variant of Win32/AutoRun.Spy.Banker.N worm

Thanks,
Barturo

 

[Broni]

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Barturo]

Computer Running Well

Broni,

Thanks for all of your help. The computer is running well.

Here is the result of the OTL scan:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Barturo
->Temp folder emptied: 711300 bytes
->Temporary Internet Files folder emptied: 12913111 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Friedrich
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Markus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Markus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 11910 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24908 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Barturo
->Flash cache emptied: 0 bytes

User: Default User

User: Friedrich
->Flash cache emptied: 0 bytes

User: LocalService

User: Markus
->Flash cache emptied: 0 bytes

User: Markus
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Barturo
->Java cache emptied: 0 bytes

User: Default User

User: Friedrich
->Java cache emptied: 0 bytes

User: LocalService

User: Markus
->Java cache emptied: 0 bytes

User: Markus
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.33.2 log created on 02272012_184706

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFE547.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFE597.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFEB7C.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFEB88.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFED3B.tmp not found!
File\Folder C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temp\~DFED47.tmp not found!
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LYV9OXFK\partner[1].htm moved successfully.
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AN8HEEPK\partner[1].htm moved successfully.
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AN8HEEPK\topic177663[1].html moved successfully.
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4EMJZCZF\918[1].htm moved successfully.
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4EMJZCZF\partner[1].htm moved successfully.
C:\Dokumente und Einstellungen\Barturo\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Many thanks,

Barturo

 

[Broni]

Way to go!!

Good luck and stay safe