Solved Browser redirects and gernic host process terminates

Status
Not open for further replies.
ok did as you instructed, copy and pasted the above script into combofix, every thing went fine until reboot. it is running in normal mode up for about 20 mins now, but combofix seems to be hung. cursor is hung and no keyboard. should i just wait or should i do a hard reset from the front switch?
 
hi crunch,
so i have let it run for about an hour now. I am sure it is just hung and not working.
I guess i have to do a hard reset now, is that right?
 
ok, will do
seems that the last combofix stopped the reboots and now i can run in normal mode. but i did not get a log file from combo fix. i will try to do the above steps. i will let you know soon..
 
tdsskiller log

2010/10/28 21:16:00.0937 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 21:16:00.0937 ================================================================================
2010/10/28 21:16:00.0937 SystemInfo:
2010/10/28 21:16:00.0937
2010/10/28 21:16:00.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/28 21:16:00.0937 Product type: Workstation
2010/10/28 21:16:00.0937 ComputerName: OFFICE
2010/10/28 21:16:00.0937 UserName: Brian & Kim
2010/10/28 21:16:00.0937 Windows directory: C:\WINDOWS
2010/10/28 21:16:00.0937 System windows directory: C:\WINDOWS
2010/10/28 21:16:00.0937 Processor architecture: Intel x86
2010/10/28 21:16:00.0937 Number of processors: 1
2010/10/28 21:16:00.0937 Page size: 0x1000
2010/10/28 21:16:00.0937 Boot type: Normal boot
2010/10/28 21:16:00.0937 ================================================================================
2010/10/28 21:16:01.0187 Initialize success
2010/10/28 21:16:17.0515 ================================================================================
2010/10/28 21:16:17.0515 Scan started
2010/10/28 21:16:17.0515 Mode: Manual;
2010/10/28 21:16:17.0515 ================================================================================
2010/10/28 21:16:18.0046 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/28 21:16:18.0187 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/28 21:16:18.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/28 21:16:18.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/28 21:16:19.0187 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/10/28 21:16:19.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/28 21:16:19.0921 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/28 21:16:20.0078 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/28 21:16:20.0406 ati2mtag (07ac9a98ea70b5a6655a5797174bd282) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/10/28 21:16:20.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/28 21:16:20.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/28 21:16:20.0875 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/28 21:16:21.0031 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/28 21:16:21.0171 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/28 21:16:21.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/28 21:16:21.0484 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/10/28 21:16:21.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/28 21:16:21.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/28 21:16:22.0078 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/28 21:16:22.0234 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/28 21:16:22.0656 COMMONFX (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2010/10/28 21:16:22.0890 COMMONFX.SYS (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\System32\drivers\COMMONFX.SYS
2010/10/28 21:16:23.0156 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2010/10/28 21:16:23.0328 ctac32k (c1e3b24ca4871bd2a8c3b95110e78721) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/10/28 21:16:23.0500 ctaud2k (13e797253ea98c2574c878de78ca691e) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/10/28 21:16:23.0671 CTAUDFX (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2010/10/28 21:16:23.0906 CTAUDFX.SYS (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
2010/10/28 21:16:24.0093 ctdvda2k (d5e38c394787c1fbfc70e0c50345c25c) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/10/28 21:16:24.0281 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2010/10/28 21:16:24.0421 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2010/10/28 21:16:24.0562 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2010/10/28 21:16:24.0718 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2010/10/28 21:16:24.0875 CTERFXFX (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2010/10/28 21:16:25.0093 CTERFXFX.SYS (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
2010/10/28 21:16:25.0281 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2010/10/28 21:16:25.0484 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2010/10/28 21:16:25.0640 ctprxy2k (d19ab3a7df104250429000f26e0d4049) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/10/28 21:16:25.0796 CTSBLFX (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2010/10/28 21:16:26.0031 CTSBLFX.SYS (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
2010/10/28 21:16:26.0187 ctsfm2k (27c23069325acdc27021671424f11bc1) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/10/28 21:16:26.0562 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/28 21:16:26.0750 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/28 21:16:26.0953 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/28 21:16:27.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/28 21:16:27.0265 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/28 21:16:27.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/28 21:16:27.0687 emupia (d03a26d94f3a24cc6c32d70bd63baeaa) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/10/28 21:16:27.0859 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/28 21:16:28.0031 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/28 21:16:28.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/28 21:16:28.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/28 21:16:28.0531 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/28 21:16:28.0656 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/10/28 21:16:28.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/28 21:16:28.0984 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/28 21:16:29.0156 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/28 21:16:29.0312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/28 21:16:29.0484 ha10kx2k (f5f17b523e467fa3dda7d9a40d296961) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2010/10/28 21:16:29.0656 hap16v2k (42c81f4691681ded6e1fc639aabed570) C:\WINDOWS\system32\drivers\hap16v2k.sys
2010/10/28 21:16:29.0843 hap17v2k (29ee8f6fcd5e9b206c0d91923e882f6a) C:\WINDOWS\system32\drivers\hap17v2k.sys
2010/10/28 21:16:30.0015 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/28 21:16:30.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/28 21:16:30.0562 hwmobilehsn (9a47eb8f3eac3643f5d7fe407874b301) C:\WINDOWS\system32\DRIVERS\hwmob01.sys
2010/10/28 21:16:30.0968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/28 21:16:31.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/28 21:16:31.0531 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/28 21:16:31.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/28 21:16:31.0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/28 21:16:31.0953 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/28 21:16:32.0109 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
2010/10/28 21:16:32.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/28 21:16:32.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/28 21:16:32.0593 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/28 21:16:32.0890 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/28 21:16:33.0062 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/28 21:16:33.0234 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/28 21:16:33.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/28 21:16:33.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/28 21:16:33.0796 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/10/28 21:16:33.0937 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/28 21:16:34.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/28 21:16:34.0234 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/28 21:16:34.0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/28 21:16:34.0718 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/28 21:16:34.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/28 21:16:35.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/28 21:16:35.0218 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/28 21:16:35.0359 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/28 21:16:35.0515 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/28 21:16:35.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/28 21:16:35.0859 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/28 21:16:36.0015 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/28 21:16:36.0171 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/28 21:16:36.0312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/28 21:16:36.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/28 21:16:36.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/28 21:16:36.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/28 21:16:36.0937 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/28 21:16:37.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/28 21:16:37.0265 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/28 21:16:37.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/28 21:16:37.0593 nvatabus (46deed4c6c5fa765f9a2c723be60348d) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2010/10/28 21:16:37.0765 NVENET (1cf77b30dee5c75dea1eee697281802c) C:\WINDOWS\system32\DRIVERS\NVENET.sys
2010/10/28 21:16:37.0921 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/10/28 21:16:38.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/28 21:16:38.0218 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/28 21:16:38.0406 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/28 21:16:38.0562 ossrv (4b8aabb697ae81a61395a19ce4447d49) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/10/28 21:16:38.0734 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/28 21:16:38.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/28 21:16:39.0062 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/28 21:16:39.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/28 21:16:39.0609 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/28 21:16:39.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/28 21:16:40.0515 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/28 21:16:40.0656 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/28 21:16:40.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/28 21:16:40.0937 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/28 21:16:41.0593 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/28 21:16:41.0734 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/28 21:16:41.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/28 21:16:42.0000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/28 21:16:42.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/28 21:16:42.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/28 21:16:42.0468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/28 21:16:42.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/28 21:16:42.0781 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/28 21:16:42.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/28 21:16:43.0140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/28 21:16:43.0312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/28 21:16:43.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/28 21:16:43.0828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/28 21:16:43.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/28 21:16:44.0156 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/28 21:16:44.0312 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/28 21:16:44.0437 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/28 21:16:44.0578 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/28 21:16:45.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/28 21:16:45.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/28 21:16:45.0453 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/28 21:16:45.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/28 21:16:45.0734 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/28 21:16:46.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/28 21:16:46.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/28 21:16:46.0453 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/28 21:16:46.0609 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/28 21:16:46.0750 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/28 21:16:46.0890 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/28 21:16:47.0046 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/28 21:16:47.0187 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/28 21:16:47.0343 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/28 21:16:47.0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/28 21:16:47.0625 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 21:16:47.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/28 21:16:48.0031 vulfnths (c9a8ba443f809b70bccccd60cc73fa5c) C:\WINDOWS\System32\Drivers\vulfnth.sys
2010/10/28 21:16:48.0187 vulfntrs (2d8c55889616f7767e9fb8adee37a02a) C:\WINDOWS\System32\Drivers\vulfntr.sys
2010/10/28 21:16:48.0375 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/28 21:16:48.0515 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/10/28 21:16:48.0671 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/28 21:16:48.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/28 21:16:49.0171 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/28 21:16:49.0328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/28 21:16:49.0468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/28 21:16:49.0656 ================================================================================
2010/10/28 21:16:49.0656 Scan finished
2010/10/28 21:16:49.0656 ================================================================================
 
Please download FileFind from Atribune:
http://www.atribune.org/downloads/FileFind.zip

Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search"
  • Enter Drive eg.. C:\
  • In the box labeled "Enter the file to search"
  • Enter the file ucwfs
  • Now click on the "Find" button
  • Once the utility has found the files click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, copy and paste this information in your next post.
 
ran file find as requested, no files were found. therefore the log is empty.. I am hoping this is a good thing
 
Still getting re-directed?

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
SPTI_Read(): DeviceIoControl() ERROR 1
ERROR: DISK_READ() fails for \\.\PhysicalDrive0
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
also noticed this log on my desktop as well


.\debug.cpp(238) : Debug log started at 29.10.2010 - 06:19:11
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.0
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00216a80 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x806ee000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf75a8000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7597000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7607000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf7617000 0x0000e000 "\WINDOWS\System32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf7a4f000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf7627000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf74d8000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf798b000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf74b2000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf7637000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf749a000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf7486000 0x00014000 "nvatabus.sys"
.\debug.cpp(256) : 0xf7647000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf7657000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf7466000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xf7454000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf743d000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf7b52000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf7410000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf7717000 0x00006000 "nv_agp.sys"
.\debug.cpp(256) : 0xf787d000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba748000 0x00010000 "\SystemRoot\System32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba738000 0x0000a000 "\SystemRoot\System32\DRIVERS\amdk7.sys"
.\debug.cpp(256) : 0xb8be4000 0x00005000 "\SystemRoot\System32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb8528000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xb8bdc000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8511000 0x00017000 "\SystemRoot\system32\DRIVERS\NVENET.sys"
.\debug.cpp(256) : 0xb8bd4000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb8491000 0x00080000 "\SystemRoot\system32\drivers\ctaud2k.sys"
.\debug.cpp(256) : 0xb846d000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf7687000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xb844a000 0x00023000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0xb8416000 0x00034000 "\SystemRoot\system32\drivers\ctoss2k.sys"
.\debug.cpp(256) : 0xb8bcc000 0x00008000 "\SystemRoot\system32\drivers\ctprxy2k.sys"
.\debug.cpp(256) : 0xf7937000 0x00003000 "\SystemRoot\system32\DRIVERS\gameenum.sys"
.\debug.cpp(256) : 0xf7697000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf76a7000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf76b7000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb8298000 0x0017e000 "\SystemRoot\System32\DRIVERS\ati2mtag.sys"
.\debug.cpp(256) : 0xb8284000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb8bc4000 0x00007000 "\SystemRoot\System32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xf76c7000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xf7943000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb8270000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf76d7000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xb8b5c000 0x00006000 "\SystemRoot\System32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf7a8d000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf76e7000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf7947000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8259000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf76f7000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf7587000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xb8b54000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8248000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf7577000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xb8b4c000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xb8b44000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb8218000 0x00030000 "\SystemRoot\System32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf7567000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xb8b3c000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf79c3000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb81ba000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb8c24000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xb89bf000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb89af000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf79cd000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb9ce0000 0x00003000 "\SystemRoot\System32\Drivers\vulfntr.sys"
.\debug.cpp(256) : 0xb6664000 0x0010a000 "\SystemRoot\system32\drivers\ha10kx2k.sys"
.\debug.cpp(256) : 0xb6635000 0x0002f000 "\SystemRoot\system32\drivers\emupia2k.sys"
.\debug.cpp(256) : 0xb660c000 0x00029000 "\SystemRoot\system32\drivers\ctsfm2k.sys"
.\debug.cpp(256) : 0xb6570000 0x0009c000 "\SystemRoot\system32\drivers\ctac32k.sys"
.\debug.cpp(256) : 0xb6555000 0x0001b000 "\SystemRoot\System32\drivers\COMMONFX.SYS"
.\debug.cpp(256) : 0xb64ca000 0x0008b000 "\SystemRoot\System32\drivers\CTAUDFX.SYS"
.\debug.cpp(256) : 0xb643c000 0x0008e000 "\SystemRoot\System32\drivers\CTSBLFX.SYS"
.\debug.cpp(256) : 0xf7807000 0x00005000 "\SystemRoot\System32\DRIVERS\flpydisk.sys"
.\debug.cpp(256) : 0xf799f000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xacc69000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf79a1000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf7747000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf79a3000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf79a5000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xb90bb000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xb90b3000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf7923000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xaa7a9000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xaa750000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xaa728000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xaa706000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xada5a000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xb90ab000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0xaa68b000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xaa5f3000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xada3a000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xaa5cd000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xada2a000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xacf30000 0x0000f000 "\SystemRoot\System32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xb90a3000 0x00007000 "\SystemRoot\System32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xad32c000 0x00003000 "\SystemRoot\system32\DRIVERS\wdcsam.sys"
.\debug.cpp(256) : 0xa61ac000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0xa8b77000 0x00002000 "\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys"
.\debug.cpp(256) : 0xa9449000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa65c3000 0x00003000 "\SystemRoot\System32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xa9429000 0x00009000 "\SystemRoot\System32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xa9325000 0x00007000 "\SystemRoot\System32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xa933d000 0x00008000 "\SystemRoot\System32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xa65bf000 0x00003000 "\SystemRoot\System32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xa931d000 0x00007000 "\SystemRoot\system32\DRIVERS\usbprint.sys"
.\debug.cpp(256) : 0xa65bb000 0x00004000 "\SystemRoot\system32\DRIVERS\BrScnUsb.sys"
.\debug.cpp(256) : 0xa3e50000 0x00014000 "\SystemRoot\System32\Drivers\dump_nvatabus.sys"
.\debug.cpp(256) : 0xf79df000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xa65a7000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xa932d000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xb76b3000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x00042000 "\SystemRoot\System32\ati2dvag.dll"
.\debug.cpp(256) : 0xbf054000 0x0003f000 "\SystemRoot\System32\ati2cqag.dll"
.\debug.cpp(256) : 0xbf093000 0x00036000 "\SystemRoot\System32\atikvmag.dll"
.\debug.cpp(256) : 0xbf0c9000 0x00284000 "\SystemRoot\System32\ati3duag.dll"
.\debug.cpp(256) : 0xbf34d000 0x000d3000 "\SystemRoot\System32\ativvaxx.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa1e3b000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0xaa67b000 0x00004000 "\SystemRoot\System32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa1dae000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa9128000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa1c07000 0x00011000 "\SystemRoot\System32\Drivers\Udfs.SYS"
.\debug.cpp(256) : 0xa1bda000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xab478000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xa1b71000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf781f000 0x00008000 "\??\C:\WINDOWS\system32\drivers\iPodDrv.sys"
.\debug.cpp(256) : 0xa1a51000 0x00058000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa13f2000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bcf3c81f-2e00-11df-b1c1-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskQUANTUM_FIREBALLP_AS20.5________________A1Y.1500#3931313235303330393132312020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000076"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_62#4&3b1d9ab8&0&4140#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0016"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6B84BED4-1C6E-4AF1-8F42-5CB52EB0B357}"
.\debug.cpp(400) : Destination "\Device\{6B84BED4-1C6E-4AF1-8F42-5CB52EB0B357}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination "\Device\DmControl\DmIoDaemon"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\BrUscan0"
.\debug.cpp(400) : Destination "\Device\BrUscan0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW__DVR-108_________________1.18____#4400444A3143353233385737204C202020202020#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&39e669da&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CC136973-41E5-44C0-B654-3EE2A99721BC}"
.\debug.cpp(400) : Destination "\Device\{CC136973-41E5-44C0-B654-3EE2A99721BC}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526S___________________YS0N____#4&17bd413c&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_00511102&REV_03#4&3b1d9ab8&0&4840#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio"
.\debug.cpp(400) : Destination "\Device\avgio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTSBLFX.SYS"
.\debug.cpp(400) : Destination "\Device\CTSBLFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#5&246dc21a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination "\Device\ParallelVdm0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0066&SUBSYS_1C00147B&REV_A1#3&13c0b0c5&0&20#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination "\Device\RdpDrDvMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature9D38396EOffset7E00Length4C8AE0600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FDC#GENERIC_FLOPPY_DRIVE#4&33bc18fa&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\FloppyPDO0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMAXTOR_6L060J3__________________________A93.0500#3636323333313133333735352020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000075"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2bca0ac8&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f9&Pid_01ea&MI_00#7&3a74fdf8&0&0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}"
.\debug.cpp(400) : Destination "\Device\00000089"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_4001&SUBSYS_00101102&REV_00#4&3b1d9ab8&0&4A40#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2CCF4F9E-78A5-4EA2-98C3-71FC0CF1258D}"
.\debug.cpp(400) : Destination "\Device\{2CCF4F9E-78A5-4EA2-98C3-71FC0CF1258D}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_31041106&REV_65#4&3b1d9ab8&0&4240#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0067&SUBSYS_1C00147B&REV_A3#3&13c0b0c5&0&10#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureD958D958Offset7E00LengthDF9F38600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3&13c0b0c5&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_7003&SUBSYS_00401102&REV_03#4&3b1d9ab8&0&4940#{cae56030-684a-11d0-d6f6-00a0c90f57da}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0019"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{71A8BE27-22EE-4C8A-8F8F-80066F8410E8}"
.\debug.cpp(400) : Destination "\Device\{71A8BE27-22EE-4C8A-8F8F-80066F8410E8}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\EMUPIA"
.\debug.cpp(400) : Destination "\Device\EMUPIA"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Other&Ven_WD&Prod_SES_Device&Rev_2003#574341563531383335313038&2#{57edcd85-0281-4893-a224-6719f892b1a4}"
.\debug.cpp(400) : Destination "\Device\00000086"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{b23e6b74-321c-11df-a0fe-00508dfb5174}"
.\debug.cpp(400) : Destination "\Device\CdRom2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination "\Device\CdRom2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_62#4&3b1d9ab8&0&4040#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0015"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_10#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000053"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DR4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination "\Device\USBFDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{241ee7c6-2e5a-11df-a0e9-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&13c0b0c5&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000066"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2"
.\debug.cpp(400) : Destination "\Device\CdRom2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4E48&SUBSYS_00021002&REV_00#4&102ac5bc&0&00F0#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination "\Device\USBFDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C679BAA4-197C-4C0F-BF97-046A4ADAD93C}"
.\debug.cpp(400) : Destination "\Device\{C679BAA4-197C-4C0F-BF97-046A4ADAD93C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_00511102&REV_03#4&3b1d9ab8&0&4840#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\iPodDrv"
.\debug.cpp(400) : Destination "\Device\iPodDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_00511102&REV_03#4&3b1d9ab8&0&4840#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000055"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTAUDFX.SYS"
.\debug.cpp(400) : Destination "\Device\CTAUDFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&19105a23&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\00000064"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{900D2E89-79AE-4592-BAB4-C5548668449B}"
.\debug.cpp(400) : Destination "\Device\{900D2E89-79AE-4592-BAB4-C5548668449B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination "\Device\ssmctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_4E68&SUBSYS_00031002&REV_00#4&102ac5bc&0&01F0#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0022"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination "\Device\DmControl\DmConfig"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_WD&Prod_My_Book_1110&Rev_2003#574341563531383335313038&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000084"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bcf3c818-2e00-11df-b1c1-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{241ee7c7-2e5a-11df-a0e9-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{572763a4-2e4f-11df-a73a-cb09e5df215d}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&16e4c77d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTPROXY"
.\debug.cpp(400) : Destination "\Device\CTPROXY"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITEON_CD-ROM_LTN526S___________________YS0N____#4&17bd413c&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination "\Device\DmControl\DmTrace"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{bcf3c81d-2e00-11df-b1c1-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\A:"
.\debug.cpp(400) : Destination "\Device\Floppy0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\NvAta0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VIAVulfntr"
.\debug.cpp(400) : Destination "\Device\VIA_Vulfntr_Driver"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2e7fa296&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0067&SUBSYS_1C00147B&REV_A3#3&13c0b0c5&0&11#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f9&Pid_01ea&MI_01#7&3a74fdf8&0&0001#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\0000008a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureBBC00DEFOffset100000LengthE8B6E00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HA10KX2K"
.\debug.cpp(400) : Destination "\Device\HA10KX2K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination "\Device\DmLoader"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_WD&Prod_Virtual_CD_1110&Rev_2003#574341563531383335313038&1#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_00511102&REV_03#4&3b1d9ab8&0&4840#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_04f9&Pid_01ea#000B0N795999#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COMMONFX.SYS"
.\debug.cpp(400) : Destination "\Device\COMMONFX.SYS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C9112303-ADEB-420A-A1F4-EFA5F49DF9A2}"
.\debug.cpp(400) : Destination "\Device\{C9112303-ADEB-420A-A1F4-EFA5F49DF9A2}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_0023#6&1520ba51&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\00000088"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1102&DEV_0004&SUBSYS_00511102&REV_03#4&3b1d9ab8&0&4840#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&14ab428d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#CdRom&Ven_WD&Prod_Virtual_CD_1110&Rev_2003#574341563531383335313038&1#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000085"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW__DVR-108_________________1.18____#4400444A3143353233385737204C202020202020#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0068&SUBSYS_1C00147B&REV_A3#3&13c0b0c5&0&12#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPIONEER_DVD-RW__DVR-108_________________1.18____#4400444A3143353233385737204C202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000077"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_045e&Pid_0023#6&1520ba51&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000088"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_045e&Pid_0023#5&16ac72b8&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTAC32K"
.\debug.cpp(400) : Destination "\Device\CTAC32K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2FE8E57A-5A11-4A5D-8933-6B0AF319C92C}"
.\debug.cpp(400) : Destination "\Device\{2FE8E57A-5A11-4A5D-8933-6B0AF319C92C}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination "\Device\avipbb"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_1058&Pid_1110#574341563531383335313038#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CTSFM2K"
.\debug.cpp(400) : Destination "\Device\CTSFM2K"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination "\Device\DmControl\DmInfo"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\diskio.cpp(67) : SPTI_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(236) : ERROR: DISK_READ() fails for \\.\PhysicalDrive0
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1151) : Done;
 
That log is ok.

Reckon you can try an on-line scan?

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
ok will do, i just want to think you for hanging in there with me through this. I have cleaned a few puters before, but never to this extent. You are awsome!!!!!!!!!
I will post the logs after the scan finishes. may be tomorrow because it is almost midnight here on the west coast of Canada.
cheers
 
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ucwfs.sys.vir a variant of Win32/Bubnix.BD trojan
I:\D Back_up\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0.exe Win32/Toolbar.AskSBar application
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\dirty dancer newkidsontheblock.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\numb linkin park.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\tatoo jordan sparks.mp3 WMA/TrojanDownloader.GetCodec.C trojan
 
log.txt, from ESE online scanner, the above was what it found. just thought i would post that to..


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f37d17896316d148ae8be1a7d695bb9e
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-29 07:50:12
# local_time=2010-10-29 12:50:12 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 0 47311005 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88375
# found=5
# cleaned=0
# scan_time=1900
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ucwfs.sys.vir a variant of Win32/Bubnix.BD trojan 00000000000000000000000000000000 I
I:\D Back_up\Nero 7.10.1.0 By M3ZKAL\Nero 7.10.1.0.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\dirty dancer newkidsontheblock.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\numb linkin park.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
I:\WD_SmartWare\454102407082441594CD0E4641CCB98B\C_\LimeWire\tatoo jordan sparks.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
 
You can have Eset remove them by rescanning and selecting the remove option.

How is the PC at the moment?
 
All is well!!!!

Well I have been at work all day but the wife has been on the PC, she said that there has been no re-directing or host process's stopping. So I would say it is running very well at the moment. Again thank you for your help. Now if I can remember everything that you and I did I should be able to fix my kids pc as well. hey are having the same type of problems..
 
ok will do. do i need to remove any of the software that you had me install or is it ok to just leave it on the pc
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
406
Fastturtle
F
D
New LogoFAIL exploit leaves Windows and Linux users vulnerable to remote attacks
Replies
1
Views
286
Gezzer
G
Daniel Sims
Microsoft and Intel nail down what an "AI PC" is
Replies
18
Views
276
hwertz
hwertz

Latest posts

Back