TechSpot

Unable to run Microsoft Updates on Windows Vista

Inactive
By dalewoody
May 21, 2012
  1. Hi all,

    I'm not sure if I have something nasty on my daughter's laptop but it had become unworkable for her. I uninstalled all the programs I knew she didn't need, followed by - Disk Clean up / ccleaner / msconfig to remove some start-up programs (All Microsoft services are enabled) / Defrag'd and finally ran Malwarebytes.

    My problem is when trying to run 'Windows Update', it takes a very long time to launch. When I click on updates it tells me it cannot due to 'service is not running. You may need to restart your computer'. Which of course I have done without any further success. Interestingly on the same page it says 'Find out more about free software from (null). Click here for details'. I'm sure 'null' should say 'Microsoft'.

    Also on startup Windows can't find - 2 files 'Mags license web.oj913' & 'mapi less less.ghrjxid'. I can't find any reference to them on the web.

    Finally, I followed your '5 steps' and on running the final DDS it did not initially complete and I got the blue screen of death followed by a restart. I ran it again and it worked the 2nd time. I would kindly ask if someone can help me with this challenge or is this terminal and requires a reinstall. My daughter cannot find any of her original installation disks.

    PSB for all logs. I thank you in advance for any help.

    dalewoody

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.20.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19154
    Megan :: MEGAN-PC [administrator]

    20/05/2012 13:03:10
    mbam-log-2012-05-20 (13-03-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196744
    Time elapsed: 6 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-20 18:45:01
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK2555GSX rev.FG002C
    Running: rg1gny2z.exe; Driver: C:\Users\Megan\AppData\Local\Temp\agloypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8DFC4086]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8DFC4BE4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8DFC4DDC]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8DFC85B2]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8DFC85E4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8DFC8746]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x9F3E6004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x9F3E60D4]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8DFC4CFC]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9F3E5D76]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8DFC43F0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8DFC4522]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8DFC86BC]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8DFC8626]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8DFC8658]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8DFC868A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8DFC402C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8DFC4E82]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8DFC854A]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8DFC3FC6]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9F3E5E1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9F3E5EBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9F3E5F56]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8D7C6640]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 191 82AF6914 4 Bytes [86, 40, FC, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 1D9 82AF695C 4 Bytes [E4, 4B, FC, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 2D1 82AF6A54 8 Bytes [DC, 4D, FC, 8D, B2, 85, FC, ...]
    .text ntkrnlpa.exe!KeSetEvent + 2E1 82AF6A64 4 Bytes [E4, 85, FC, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 381 82AF6B04 4 Bytes [46, 87, FC, 8D]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00444990 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AC000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] USER32.dll!InSendMessageEx + 3B1 76DAE6B0 6 Bytes JMP 71AE001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A20022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[960] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71A60022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] ntdll.dll!KiUserApcDispatcher 777C5B48 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] kernel32.dll!LoadLibraryExW + 173 755A93EF 4 Bytes JMP 71AA000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!getaddrinfo 76BB418A 5 Bytes JMP 71A40022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1304] WS2_32.dll!gethostbyname 76BC62D4 5 Bytes JMP 71AD0022

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Processes - GMER 1.0.15 ----

    Library C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (*** hidden *** ) @ C:\Program Files\AVG Secure Search\vprot.exe [1544] 0x6F130000

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Megan\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_1.cfg.data 0 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19154
    Run by Megan at 19:41:43 on 2012-05-20
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1790.1081 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sound Clips for Messenger\SoundClips.exe
    C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\twain_32\Dell\DELL1133\Scan2Pc.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uSearch Bar =
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    EB: {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - No File
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [way math bike enc] "c:\programdata\Mags license web.oj9l3"
    uRun: [SpamKind] "c:\programdata\mapi less less.ghrjxid"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundClips] c:\program files\sound clips for messenger\SoundClips.exe
    mRun: [KMCONFIG] c:\program files\silvercrest nm1005 driver\StartAutorun.exe KMConfig.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [1133 Scan2PC] "c:\windows\twain_32\dell\dell1133\Scan2Pc.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{99EFDAB9-8E39-429E-9FC4-86AD3CC0F8F7} : DhcpNameServer = 192.168.1.254
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-5-19 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\silvercrest nm1005 driver\KMWDSrv.exe [2008-5-30 208896]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-10-28 5120]
    R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-20 932736]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    R3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-19 257696]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-05-20 16:22:08 -------- d-----w- c:\users\megan\appdata\roaming\OpenOffice.org
    2012-05-20 11:57:57 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-05-20 08:56:13 -------- d-----w- c:\users\megan\appdata\local\AVG Secure Search
    2012-05-20 08:55:47 -------- d-----w- c:\programdata\AVG Secure Search
    2012-05-20 08:55:39 -------- d-----w- c:\program files\AVG Secure Search
    2012-05-20 01:02:39 -------- d-----w- c:\users\megan\appdata\roaming\OpenCandy
    2012-05-19 20:00:38 -------- d-----w- c:\users\megan\appdata\roaming\Malwarebytes
    2012-05-19 20:00:15 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-19 20:00:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-19 20:00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-19 19:47:00 -------- d-----w- c:\windows\pss
    2012-05-19 19:29:47 -------- d-----w- c:\users\megan\appdata\local\ElevatedDiagnostics
    2012-05-19 19:19:13 -------- d-----w- c:\program files\CCleaner
    2012-05-19 18:44:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-19 17:36:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-19 17:36:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2012-05-19 18:44:16 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    .
    ============= FINISH: 19:43:06.60 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/03/2009 17:23:08
    System Uptime: 20/05/2012 19:35:13 (0 hours ago)
    .
    Motherboard: Wistron | | 303C
    Processor: AMD Sempron(tm) SI-42 | Socket A | 1050/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 156.718 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.751 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    Atheros Driver Installation Program
    AVG 2012
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink YouCam
    Dell 1133 Laser MFP
    ESU for Microsoft Vista
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Doc Viewer
    HP User Guides 0118
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    Java Auto Updater
    Java(TM) 6 Update 32
    Java(TM) 6 Update 7
    LabelPrint
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetWaiting
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.4
    PVSonyDll
    Rapport
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Silvercrest NM1005 driver
    SmarThru 4
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/05/2012 19:37:26, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    20/05/2012 19:37:26, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    20/05/2012 19:36:11, Error: EventLog [6008] - The previous system shutdown at 19:32:13 on 20/05/2012 was unexpected.
    20/05/2012 12:24:07, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/05/2012 12:24:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    20/05/2012 11:19:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Recovery Service for Windows service to connect.
    20/05/2012 11:19:39, Error: Service Control Manager [7000] - The Recovery Service for Windows service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    20/05/2012 10:29:45, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaSP1OnlyUpdate (Update) into Resolving(Resolving) state
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package VistaPlusUpdate (Update) into Resolving(Resolving) state
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-Package-Package-en-us-MiniLP (Feature Pack) into Resolved Invalid(Resolved Invalid) state
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB982861 (Update) into Resolved Invalid(Resolved Invalid) state
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Internet Explorer_en-US (Language Pack) into Resolving(Resolving) state
    20/05/2012 02:07:07, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package 982861 (Update) into Resolved Invalid(Resolved Invalid) state
    20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaSP1OnlyUpdate(Update) into Resolving(Resolving) state
    20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package VistaPlusUpdate(Update) into Resolving(Resolving) state
    20/05/2012 02:07:06, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Internet-Explorer-x86 from package Internet Explorer_en-US(Language Pack) into Resolving(Resolving) state
    19/05/2012 19:19:01, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    19/05/2012 16:19:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    19/05/2012 16:19:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    19/05/2012 16:19:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    19/05/2012 16:19:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    19/05/2012 16:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    19/05/2012 16:16:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    19/05/2012 16:15:32, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    19/05/2012 16:15:08, Error: EventLog [6008] - The previous system shutdown at 16:05:19 on 19/05/2012 was unexpected.
    19/05/2012 15:54:19, Error: EventLog [6008] - The previous system shutdown at 15:55:21 on 28/12/2011 was unexpected.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,170   +264

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. dalewoody

    dalewoody TS Rookie Topic Starter

    Broni,

    Many thanks for your help and sorry for the late reply; I unfortunately was away from my computer for a couple of days with work. The two logs requested are as follows. Just to make you aware, an automatic scan started when running Bootkit Remover; I stopped it as soon as I noticed. Also, there is now a noticeable delay between a keystroke and it being executed.

    Kind regards,

    dalewoody
     
  4. dalewoody

    dalewoody TS Rookie Topic Starter

    .\debug.cpp(238) : Debug log started at 23.05.2012 - 18:58:39
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit
     
  5. dalewoody

    dalewoody TS Rookie Topic Starter

    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 232 GB \\.\PhysicalDrive0 Unknown boot code
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1119) : Unknown boot code has been found on some of your physical disks.
    .\boot_cleaner.cpp(1121) : To inspect the boot code manually, dump the master boot sector:
    .\boot_cleaner.cpp(1122) : remover.exe dump <device_name> [output_file]
    .\boot_cleaner.cpp(1126) : To disinfect the master boot sector, use the following command:
    .\boot_cleaner.cpp(1127) : remover.exe fix <device_name>
    .\boot_cleaner.cpp(1130) :
    .\boot_cleaner.cpp(1152) : Done;
     
  6. dalewoody

    dalewoody TS Rookie Topic Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-23 20:13:38
    -----------------------------
    20:13:38.299 OS Version: Windows 6.0.6002 Service Pack 2
    20:13:38.300 Number of processors: 1 586 0x301
    20:13:38.302 ComputerName: MEGAN-PC UserName: Megan
    20:14:40.628 Initialize success
    20:20:36.745 AVAST engine defs: 12051401
    20:21:29.220 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    20:21:29.251 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 3
    20:21:29.276 Disk 0 MBR read successfully
    20:21:29.312 Disk 0 MBR scan
    20:21:29.329 Disk 0 unknown MBR code
    20:21:29.339 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228158 MB offset 63
    20:21:29.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10313 MB offset 467269632
    20:21:29.447 Disk 0 scanning sectors +488390656
    20:21:29.569 Disk 0 scanning C:\Windows\system32\drivers
    20:21:50.957 Service scanning
    20:22:45.781 Modules scanning
    20:23:02.644 Disk 0 trace - called modules:
    20:23:02.905 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ndis.sys nvmfdx32.sys dxgkrnl.sys nvlddmkm.sys athr.sys tcpip.sys NETIO.SYS pacer.sys
    20:23:02.918 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8629fac8]
    20:23:02.936 3 CLASSPNP.SYS[8079c8b3] -> nt!IofCallDriver -> [0x85a25918]
    20:23:03.984 AVAST engine scan C:\Windows
    20:23:09.763 AVAST engine scan C:\Windows\system32
    20:30:34.405 AVAST engine scan C:\Windows\system32\drivers
    20:31:26.946 AVAST engine scan C:\Users\Megan
    20:32:07.563 Disk 0 MBR has been saved successfully to "C:\Users\Megan\Desktop\MBR.dat"
    20:32:07.580 The log file has been saved successfully to "C:\Users\Megan\Desktop\aswMBR.txt"
     
  7. Broni

    Broni Malware Annihilator Posts: 47,170   +264

    Those look good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. dalewoody

    dalewoody TS Rookie Topic Starter

    Hi Broni,

    ComboFix log as requested,

    Kind regards,

    dalewoody


    ComboFix 12-05-23.06 - Megan 24/05/2012 10:47:49.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1790.988 [GMT 1:00]
    Running from: c:\users\Megan\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-24 10:02 . 2012-05-24 10:03 -------- d-----w- c:\users\Megan\AppData\Local\temp
    2012-05-24 10:02 . 2012-05-24 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-21 08:59 . 2012-05-21 08:59 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2012-05-21 08:59 . 2012-05-21 08:59 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2012-05-21 08:59 . 2012-05-21 08:59 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2012-05-21 08:59 . 2012-05-21 08:59 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2012-05-21 08:59 . 2012-05-21 08:59 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2012-05-21 08:59 . 2012-05-21 08:59 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2012-05-21 08:58 . 2012-05-21 08:58 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2012-05-21 08:58 . 2012-05-21 08:58 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2012-05-21 08:58 . 2012-05-21 08:58 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2012-05-21 08:58 . 2012-05-21 08:58 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2012-05-21 08:58 . 2012-05-21 08:58 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2012-05-21 08:58 . 2012-05-21 08:58 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2012-05-21 08:58 . 2012-05-21 08:58 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2012-05-21 08:58 . 2012-05-21 08:58 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2012-05-21 08:58 . 2012-05-21 08:58 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2012-05-21 08:58 . 2012-05-21 08:58 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2012-05-21 08:58 . 2012-05-21 08:58 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2012-05-20 16:22 . 2012-05-20 16:22 -------- d-----w- c:\users\Megan\AppData\Roaming\OpenOffice.org
    2012-05-20 11:57 . 2012-05-20 11:58 -------- d-----w- c:\program files\OpenOffice.org 3
    2012-05-20 08:56 . 2012-05-20 08:56 -------- d-----w- c:\users\Megan\AppData\Local\AVG Secure Search
    2012-05-20 08:55 . 2012-05-20 08:56 -------- d-----w- c:\programdata\AVG Secure Search
    2012-05-20 08:55 . 2012-05-20 08:56 -------- d-----w- c:\program files\AVG Secure Search
    2012-05-20 01:02 . 2012-05-20 01:02 -------- d-----w- c:\users\Megan\AppData\Roaming\OpenCandy
    2012-05-19 20:00 . 2012-05-19 20:00 -------- d-----w- c:\users\Megan\AppData\Roaming\Malwarebytes
    2012-05-19 20:00 . 2012-05-19 20:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-19 20:00 . 2012-05-19 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-19 20:00 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-19 19:29 . 2012-05-19 19:29 -------- d-----w- c:\users\Megan\AppData\Local\ElevatedDiagnostics
    2012-05-19 19:19 . 2012-05-19 19:19 -------- d-----w- c:\program files\CCleaner
    2012-05-19 18:44 . 2012-05-19 18:44 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-19 17:36 . 2012-05-19 17:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-19 17:36 . 2012-05-19 17:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-20 19:19 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-20 19:19 . 2009-08-18 10:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-19 18:44 . 2010-08-11 16:31 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-03-19 04:17 . 2012-03-19 04:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-05-20 08:55 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-20 2067328]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "way math bike enc"="c:\programdata\Mags license web.oj9l3" [X]
    "SpamKind"="c:\programdata\mapi less less.ghrjxid" [X]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-20 1116544]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "SoundClips"="c:\program files\Sound Clips for Messenger\SoundClips.exe" [2006-07-16 165376]
    "KMCONFIG"="c:\program files\Silvercrest NM1005 driver\StartAutorun.exe" [2008-05-30 212992]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "1133 Scan2PC"="c:\windows\twain_32\Dell\DELL1133\Scan2Pc.exe" [2009-12-24 1978880]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 257696]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 17:36]
    .
    2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{D9275A99-0065-423C-92E3-A94E66807D44}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-20 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
    IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-24 11:03
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-05-24 11:11:53
    ComboFix-quarantined-files.txt 2012-05-24 10:11
    .
    Pre-Run: 170,559,954,944 bytes free
    Post-Run: 170,052,182,016 bytes free
    .
    - - End Of File - - BAC5B344EDA5A68B172A0E89F865A4A2
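
As an added example (not part of the thread and not ComboFix's own code), this Python script parses the Run-key lines of the log above and lists the values marked `[X]`, which correspond to the two files Windows reported it could not find at startup. It assumes `[X]` is ComboFix's marker for a missing target file; the extension set and function names are illustrative.

```python
import ntpath
import re

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted above.
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"way math bike enc"="c:\programdata\Mags license web.oj9l3" [X]
"SpamKind"="c:\programdata\mapi less less.ghrjxid" [X]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-20 1116544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]$')
# Assumption: extensions normally seen on autostart targets; tune for your fleet.
USUAL_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".dll"}


def parse_run_entries(log_text):
    """Return one dict per value listed under a ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and key and key.lower().endswith(r"\currentversion\run"):
            ext = ntpath.splitext(entry["path"])[1].lower()
            entries.append({
                "hive": key.split("\\", 1)[0],
                "name": entry["name"],
                "path": entry["path"],
                # Assumption: "[X]" is ComboFix's marker for a missing target file.
                "missing": entry["info"].strip() == "X",
                "unusual_ext": ext not in USUAL_EXTS,
            })
    return entries


def orphaned_autostarts(entries):
    """Run values whose target no longer exists: the source of 'cannot find' popups."""
    return [e for e in entries if e["missing"]]


if __name__ == "__main__":
    for e in orphaned_autostarts(parse_run_entries(LOG_EXCERPT)):
        print(f'{e["hive"]}  {e["name"]!r} -> {e["path"]} (unusual ext: {e["unusual_ext"]})')
```

A value that is both missing and has an unusual extension is a leftover worth reviewing and removing from the Run key; the flag describes the entry, not whether anything malicious is still present.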
     
  9. Broni

    Broni Malware Annihilator Posts: 47,170   +264

    I don't see anything malicious there.
    Reinstall AVG and create new topic in Windows forum.
     
  10. dalewoody

    dalewoody TS Rookie Topic Starter

    Broni,

    Will do. Many thanks for your help...

    dalewoody
     
  11. Broni

    Broni Malware Annihilator Posts: 47,170   +264

    You're very welcome
     
     

