TechSpot

System Check removed, still having problems with desktop and Firefox

Inactive
By ladymanson
Feb 25, 2012
  1. Hey guys, I have been at this for days and I am at a loss. I have removed this kind of virus before and had success every time. I used to remove HDD Scan and System Fix with no problem on other people's computers. I now have a new laptop that I literally bought two weeks ago, and I got sucker punched with this stupid System Check thing.

    I used the normal process (i.e., Malwarebytes, TDSSKiller and such) and I believe it was taken out. Ran Avast and it found a bunch of corrupted files in the audio drivers. I wasn't surprised by this, because ever since I bought the thing, right out of the box, it has had stuttering audio problems.

    More to the point. I followed a thread here because this other person was having similar issues. The one helping the other user was Broni.

    Please shed some light, I am at a loss right now.

    This is how my Desktop looks at the moment

    Edit: over-sized image of desktop deleted by Bobbye

    This is what is happening with Firefox

    Edit: over-sized image of Firefox/Proxy Server deleted by Bobbye

    I hope you guys can help me

    Note please: Please don't leave such large images. Either give a description instead or zip the image and attach it.
     
  2. ladymanson


    As I followed the instructions this is what I found

    From FSS

    Farbar Service Scanner Version: 22-02-2012
    Ran by Lady Manson (administrator) on 25-02-2012 at 14:07:34
    Running from "C:\Users\Lady Manson\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    From aswMBR

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-25 14:12:34
    -----------------------------
    14:12:34.170 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:12:34.170 Number of processors: 4 586 0x100
    14:12:34.170 ComputerName: DEVIANT UserName:
    14:12:35.715 Initialize success
    14:12:36.042 AVAST engine defs: 12022501
    14:12:46.167 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:12:46.182 Disk 0 Vendor: TOSHIBA_MK5059GSXP GN003J Size: 476940MB BusType: 11
    14:12:46.292 Disk 0 MBR read successfully
    14:12:46.292 Disk 0 MBR scan
    14:12:46.292 Disk 0 Windows 7 default MBR code
    14:12:46.307 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
    14:12:46.323 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
    14:12:46.338 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
    14:12:46.354 Disk 0 scanning C:\Windows\system32\drivers
    14:12:52.469 Service scanning
    14:13:19.395 Modules scanning
    14:13:19.411 Disk 0 trace - called modules:
    14:13:19.426 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    14:13:19.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800471b060]
    14:13:19.457 3 CLASSPNP.SYS[fffff8800195643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040c8060]
    14:13:20.487 AVAST engine scan C:\Windows
    14:13:23.763 AVAST engine scan C:\Windows\system32
    14:15:57.610 AVAST engine scan C:\Windows\system32\drivers
    14:16:15.176 AVAST engine scan C:\Users\Lady Manson
    14:16:15.972 File: C:\Users\Lady Manson\AppData\Local\AppCore\ACFinder\ACFinder.exe **INFECTED** Win32:Adware-gen [Adw]
    14:38:25.501 AVAST engine scan C:\ProgramData
    14:39:24.687 Scan finished successfully
    14:44:16.966 Disk 0 MBR has been saved successfully to "C:\Users\Lady Manson\Desktop\MBR.dat"
    14:44:16.982 The log file has been saved successfully to "C:\Users\Lady Manson\Desktop\aswMBR.txt"


    I see there was an infection there at ACFinder.exe. I did not run the fix; I was not sure.
     
  3. ladymanson


    This one came from Bootkit Remover

    .\debug.cpp(238) : Debug log started at 25.02.2012 - 20:45:36
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{7adf7792-0bd3-11e1-b562-806e6f6e6963}#0000000400100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
    .\debug.cpp(400) : Destination "\Device\00000082"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1025059D&REV_1001#4&1757c05a&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000005d"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1025059D&REV_1001#4&1757c05a&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
    .\debug.cpp(400) : Destination "\Device\00000079"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_1.20#20043516721AF4B315A7&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
    .\debug.cpp(400) : Destination "\Device\0000008c"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\0000003e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002E&SUBSYS_660311AD&REV_01#4&d237528&0&0028#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0024"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\00000044"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_ASWNDISMP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
    .\debug.cpp(400) : Destination "\Device\WANARP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.20#20043516721AF4B315A7&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SW_ASWNDISMP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
    .\debug.cpp(400) : Destination "\Device\0000004b"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASWRDR"
    .\debug.cpp(400) : Destination "\Device\ASWRDR"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2f1a557c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1022&DEV_7808&SUBSYS_059D1025&REV_11#3&2411e6fe&2&9A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UBHelper0"
    .\debug.cpp(400) : Destination "\DosDevices\UBHel"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
    .\debug.cpp(400) : Destination "\Device\CompositeBattery"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7adf7796-0bd3-11e1-b562-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000046"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\0000004e"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1022&DEV_7807&SUBSYS_059D1025&REV_11#3&2411e6fe&2&98#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{7adf7797-0bd3-11e1-b562-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomMATSHITA_DVD-RAM_UJ8B0AW________________1.00____#5&24c6cac0&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}"
    .\debug.cpp(400) : Destination "\Device\NDMP17"
    .\debug.cpp(409) : --
     
  4. ladymanson

    ladymanson TS Rookie Topic Starter

    Bootkit log continued -


    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`06500000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;
     
  5. ladymanson

    ladymanson TS Rookie Topic Starter

    ListParts by Farbar
    Ran by Lady Manson (administrator) on 25-02-2012 at 14:59:11
    Windows 7 (X64)
    Running From: C:\Users\Lady Manson\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 60%
    Total physical RAM: 3562.9 MB
    Available physical RAM: 1419.53 MB
    Total Pagefile: 7124 MB
    Available Pagefile: 4958.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:282.75 GB) NTFS
    3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.67 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 3819 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 16 GB 1024 KB
    Partition 2 Primary 100 MB 16 GB
    Partition 3 Primary 449 GB 16 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 PQSERVICE NTFS Partition 16 GB Healthy Hidden

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partition 449 GB Healthy Boot

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 16 KB

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E FAT32 Removable 3818 MB Healthy



    ****** End Of Log ******

    Sorry about the multiple posts, but I guess this could help you guys help me.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please stop running random programs. Help is given to one person specifically for the problem at that time. That does not mean the same directions apply to you.

    Try the following for your problems:
    1). To disable the proxy:
    Internet Explorer
    1. Under "Tools" in the browser tool bar select "Internet Options".
    2. In the "Internet Options" window that pops up, click the "Connections" tab at the top.
    3. Click "LAN Settings" near the bottom of the "Connections" section.
    4. If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
    5. Click "OK" to close the "Local Area Network (LAN) Settings" window.
    6. Click "OK" to close the "Internet Options" window.
    7. You have completed removing the proxy settings for Internet Explorer.
    Firefox
    1. Under "Tools" in the browser tool bar select "Options".
    2. In the "Options" window that pops up, click the "Advanced" tab at the top.
    3. Click the "Network" subtab, and then click the "Settings" button in the "Connections" area.
    4. If "No proxy" isn't selected, click it to mark "No proxy" as your preference.
    =================================
    2). Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    • Click on Start> Control Panel> Appearance & Personalization
    • Select Change Theme or Change Desktop Background
    =====================================
    3). Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • Choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    =====================================
    Let me know if these do not resolve what you are experiencing.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
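
A check for the Firefox proxy step above, as an added example that is not part of Bobbye's post or of any tool in this thread: it reads the `network.proxy.*` entries from a Firefox `prefs.js` and separates a proxy that is actually in use from host/port values that are merely left behind once "No proxy" is selected. The sample `prefs.js` is constructed from the three proxy values in the DDS log later in this thread, the function names are hypothetical, and treating a missing `network.proxy.type` as 5 (use system proxy settings) is an assumption about the Firefox default.

```python
import ipaddress
import re

# Constructed sample prefs.js, modelled on the network.proxy.* values
# reported in the DDS log in this thread (type 0, 127.0.0.1, port 50545).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://acer.msn.com");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50545);
user_pref("network.proxy.type", 0);
'''

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {
    0: "no proxy (direct connection)",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}
DEFAULT_TYPE = 5  # assumption: value Firefox uses when the pref is not in prefs.js

PREF_RE = re.compile(
    r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$', re.MULTILINE
)


def parse_proxy_prefs(text):
    """Return {pref_name: value} for every network.proxy.* user_pref line."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]          # string pref
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean pref
        else:
            try:
                prefs[name] = int(raw)       # integer pref
            except ValueError:
                prefs[name] = raw            # keep anything unexpected as text
    return prefs


def is_loopback(host):
    """True for localhost or any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname other than localhost


def assess(text):
    """Summarise the proxy state described by a prefs.js body."""
    prefs = parse_proxy_prefs(text)
    ptype = prefs.get("network.proxy.type", DEFAULT_TYPE)
    entries = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy." + scheme)
        if host:
            port = prefs.get("network.proxy." + scheme + "_port")
            entries.append((scheme, host, port, is_loopback(host)))
    return {
        "type": ptype,
        "mode": PROXY_TYPES.get(ptype, "unknown"),
        # Stored host/port values are only used when the mode is manual (1).
        "active": ptype == 1 and bool(entries),
        "pac_url": prefs.get("network.proxy.autoconfig_url") if ptype == 2 else None,
        "entries": entries,
    }


def report(text):
    """Build a short human-readable report, one finding per line."""
    result = assess(text)
    lines = ["proxy mode: %d = %s" % (result["type"], result["mode"])]
    for scheme, host, port, loopback in result["entries"]:
        state = "IN USE" if result["active"] else "stored but not in use"
        where = "loopback" if loopback else "remote"
        lines.append("%s proxy %s:%s (%s) is %s" % (scheme, host, port, where, state))
    if result["pac_url"]:
        lines.append("PAC URL in use: %s" % result["pac_url"])
    if result["type"] == 5:
        lines.append("Firefox follows the system proxy; check the LAN Settings dialog too")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_PREFS_JS))
```

A result with mode 0 and a stored loopback entry matches the state the DDS log shows after the "No proxy" fix: the redirect is switched off, but the host and port remain in the profile until they are cleared.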
     
  7. ladymanson

    ladymanson TS Rookie Topic Starter

    Thanks, the no proxy took care of the Firefox problem and I reset the taskbar and theme as specified.

    I'm sorry for the excess of info. I have always thought the worst thing that can happen is me having to wipe the hard disk, and it doesn't scare me.

    Anyways, now my only concern is the infected ACFinder.exe. If you could help me with some instructions I would be really thankful.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =============================================
    There is nothing so far to show me what's on the system. I just gave you a 'cosmetic' fix, not a malware removal. That's why we have you run these preliminary scans.
     
  9. ladymanson

    ladymanson TS Rookie Topic Starter

    This is MBAM's log

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.28.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Lady Manson :: DEVIANT [administrator]

    Protection: Disabled

    2/28/2012 1:21:27 PM
    mbam-log-2012-02-28 (13-21-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 183551
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Gmer found nothing. Following is the DDS log

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by Lady Manson at 14:02:25 on 2012-02-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2034 [GMT -6:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Dolby PCEE4\pcee4.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\EgisTec IPS\PMMUpdate.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\LADYMA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{EC681EF5-D7BC-4A99-B75C-8A35B0F4B5E0} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{EC681EF5-D7BC-4A99-B75C-8A35B0F4B5E0}\24563747755637475627E6 : DhcpNameServer = 24.220.0.10 24.220.0.11
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Lady Manson\AppData\Roaming\Mozilla\Firefox\Profiles\zo4egkzr.default\
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&rls=org.mozilla:en-US:official&client=firefox-a&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50545
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-24 44768]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-2-24 127192]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-12 353360]
    R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-11-10 872552]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-12 244624]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-19 6583160]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-19 528760]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-28 19:19:26 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-28 19:19:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-24 20:11:51 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2012-02-24 20:11:26 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2012-02-24 20:11:23 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-02-24 20:11:22 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-02-24 20:11:04 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys
    2012-02-24 20:11:01 41184 ----a-w- C:\Windows\avastSS.scr
    2012-02-24 20:10:48 -------- d-----w- C:\ProgramData\AVAST Software
    2012-02-24 20:10:48 -------- d-----w- C:\Program Files\AVAST Software
    2012-02-24 20:04:13 -------- d-----w- C:\Program Files (x86)\AVAST Software
    2012-02-24 00:26:01 -------- d-----w- C:\ProgramData\PC Tools
    2012-02-23 20:12:01 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-02-23 19:20:31 -------- d-----w- C:\myapp
    2012-02-23 19:17:16 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-23 19:17:16 208896 ----a-w- C:\Windows\MBR.exe
    2012-02-23 19:17:15 98816 ----a-w- C:\Windows\sed.exe
    2012-02-23 19:17:15 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-23 18:30:47 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\Malwarebytes
    2012-02-23 18:30:43 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-23 18:27:43 -------- d-----w- C:\Program Files (x86)\4AF12
    2012-02-23 17:59:38 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\4AF12
    2012-02-23 17:59:04 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\6214A
    2012-02-23 17:58:36 -------- d-----w- C:\Users\Lady Manson\AppData\Local\AppCore
    2012-02-21 05:28:32 -------- d-----w- C:\Program Files\CCleaner
    2012-02-20 02:30:20 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    2012-02-20 02:29:21 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\Wacom
    2012-02-20 02:29:13 -------- d-----w- C:\ProgramData\Wacom
    2012-02-20 02:28:35 -------- d-----w- C:\Program Files (x86)\Bamboo Dock
    2012-02-19 07:35:37 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\StepMania 5
    2012-02-19 07:28:19 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\OpenOffice.org
    2012-02-19 07:18:55 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-02-19 07:17:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-02-19 07:17:32 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2012-02-19 06:57:00 -------- d-----w- C:\Program Files (x86)\StepMania
    2012-02-19 06:54:30 -------- d-----w- C:\Users\Lady Manson\AppData\Local\Diagnostics
    2012-02-19 06:28:57 -------- d-----w- C:\Windows\SysWow64\spool
    2012-02-19 06:26:07 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\TP
    2012-02-17 20:20:30 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter
    2012-02-15 23:31:02 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-15 23:31:02 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-15 23:30:59 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-15 23:30:58 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-15 23:30:56 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-15 23:30:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-15 23:30:40 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-15 23:30:40 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-13 04:39:58 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9W.DLL
    2012-02-13 04:39:58 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9W.DLL
    2012-02-11 09:09:34 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-02-11 09:09:34 -------- d-----w- C:\Windows\System32\Wat
    2012-02-10 04:28:59 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2012-02-10 04:27:21 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-02-10 04:26:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-02-10 04:25:28 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-02-10 04:25:28 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-02-10 04:25:24 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-02-10 04:25:23 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-02-10 04:25:23 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-02-10 04:25:20 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-02-10 04:25:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-02-09 06:53:17 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\Web Technology
    2012-02-09 06:49:59 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2012-02-09 06:49:59 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2012-02-09 06:49:59 -------- d-----w- C:\Users\Lady Manson\AppData\Local\Web Technology
    2012-02-08 12:55:20 -------- d-----w- C:\Users\Lady Manson\AppData\Local\Apple Computer
    2012-02-08 12:55:14 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-02-08 12:55:14 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-02-08 12:55:14 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-02-08 12:53:49 -------- d-----w- C:\Program Files\iPod
    2012-02-08 12:53:47 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-02-08 12:53:47 -------- d-----w- C:\Program Files\iTunes
    2012-02-08 12:53:47 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-02-08 12:51:27 -------- d-----w- C:\Users\Lady Manson\AppData\Local\Apple
    2012-02-08 12:49:53 -------- d-----w- C:\Program Files\Bonjour
    2012-02-08 12:49:53 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-02-08 07:45:57 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-02-08 07:45:11 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\uTorrent
    2012-02-08 07:30:17 -------- d-----w- C:\ProgramData\HP Photo Creations
    2012-02-08 07:30:17 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
    2012-02-08 07:30:08 -------- d-----w- C:\Program Files (x86)\Coupons
    2012-02-08 07:29:51 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\HpUpdate
    2012-02-08 07:29:09 -------- d-----w- C:\Program Files (x86)\HP
    2012-02-08 07:28:29 -------- d-----w- C:\Program Files\HP
    2012-02-08 07:26:42 -------- d-----w- C:\Users\Lady Manson\AppData\Local\HP
    2012-02-08 05:50:27 -------- d-----w- C:\Users\Lady Manson\AppData\Local\EgisTec IPS
    2012-02-08 05:44:38 -------- d-----w- C:\Users\Lady Manson\AppData\Roaming\Screensaver
    2012-02-08 05:44:12 -------- d-----w- C:\ProgramData\clear.fi
    2012-02-08 05:44:09 -------- d-----w- C:\Users\Lady Manson\AppData\Local\PowerCinema
    2012-02-08 05:44:05 -------- d-----w- C:\Users\Lady Manson\AppData\Local\VirtualStore
    2012-02-08 05:44:01 -------- d-----w- C:\Users\Lady Manson\AppData\Local\Acer
    2012-02-08 05:42:41 -------- d-----w- C:\Program Files (x86)\AMD
    2012-02-08 05:42:09 -------- d-----w- C:\Program Files (x86)\OEM
    2012-02-08 05:41:45 -------- d-----w- C:\ProgramData\OEM_E471269A730D
    2012-02-08 05:41:28 -------- d-----w- C:\Program Files (x86)\Times Reader
    .
    ==================== Find3M ====================
    .
    2012-02-23 18:03:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 14:03:15.66 ===============
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Your attention is brought to this thread right at the top of this forum: Do NOT follow instructions given to others > http://www.techspot.com/vb/topic156572.html

    All reputable computer help forums will have this stated. Each forum also has instructions to follow, how to find the information they need and what preliminary scans they want you to do. Your attention is brought to this thread: http://www.techspot.com/vb/topic58138.html.

    Running the wrong scans can cause harm to your system. Additional information is requested if needed. None of the scans you ran were indicated for the problems you mentioned.
    ==================================
    The only indication of malware is this entry:
    C:\Users\Lady Manson\AppData\Local\AppCore\ACFinder\ACFinder.exe **INFECTED** Win32:Adware-gen [Adw]
    The interesting thing is that almost all sites come up as unsafe using the WOT Site Advisor. This is common in malware. Choosing one of these sites will usually give you more malware and likely ask for money to remove it.
    ===================================
    Please run the following. Note the line in Eset: [*] Uncheck 'Remove found threats'. There is a reason for that. I can remove them and also other unneeded files.
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please leave the logs for the Eset scan and Combofix in your next reply.
     
  11. ladymanson

    ladymanson TS Rookie Topic Starter

    ESET scan did not give any log. I need to run Combofix as soon as I get back from work.
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Do you plan to continue?
     
Topic Status:
Not open for further replies.

